Skip to main content

SSRF

2868 CVEs technique

Monthly

CVE-2024-50811 CRITICAL Act Now

hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\apps\\tool\\apis\\bd_push.py does not securely filter user input through. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-47190 LOW Monitor

Northern.tech Hosted Mender before 2024.07.11 allows SSRF. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2024-46947 MEDIUM This Month

Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48951 HIGH This Week

An issue was discovered in Logpoint before 7.5.0. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

SSRF Authentication Bypass Siem
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-20531 MEDIUM This Month

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cisco XXE Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-51358 CRITICAL Act Now

An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-51740 HIGH This Week

Combodo iTop is a simple, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-51501 NuGet CRITICAL PATCH Act Now

Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes (Header, HeaderCollection and Authorize) are vulnerable to CRLF injection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 4.0
10.0
EPSS
0.5%
CVE-2024-48052 PyPI MEDIUM POC This Month

In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gradio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-51665 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Server Side Request Forgery.2.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Epss exploitation probability 35.4% and no vendor patch available.

SSRF Elementor
NVD
CVSS 3.1
4.9
EPSS
35.4%
CVE-2024-51408 MEDIUM POC This Month

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Appsmith
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-21510 Ruby MEDIUM PATCH This Month

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Redirect Nginx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-48360 HIGH POC This Week

Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Qualitor
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2024-51242 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Eladmin
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48346 MEDIUM This Month

xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/upload path. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-48107 MEDIUM This Month

SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Sparkshop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-48178 HIGH POC This Week

newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Newbee Mall
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-48234 MEDIUM This Month

An issue was discovered in mipjz 5.0.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-48232 MEDIUM POC This Month

An issue was found in mipjz 5.0.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mipjz
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-48450 MEDIUM This Month

An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE File Upload
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-47883 Maven CRITICAL POC PATCH Act Now

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF RCE Path Traversal XSS Butterfly
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-20274 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cisco Secure Firewall Management Center
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-45518 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XSS Command Injection Collaboration
NVD
CVSS 3.1
8.8
EPSS
20.3%
CVE-2024-49312 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge.0.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-6763 Maven MEDIUM POC PATCH This Month

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Open Redirect Jetty
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2024-46468 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Jpress
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-47830 MEDIUM POC PATCH This Month

Plane is an open-source project management tool. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Plane
NVD GitHub
CVSS 3.1
5.8
EPSS
0.6%
CVE-2024-45317 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-47167 PyPI MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Python Gradio
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-8977 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-45119 PHP MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2024-47008 HIGH This Week

Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
46.6%
CVE-2024-45291 PHP HIGH POC PATCH This Week

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE PHP Phpspreadsheet
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-9410 MEDIUM POC This Month

Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ada
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-45843 MEDIUM This Month

Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mattermost Oracle Mattermost Server
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-47222 CRITICAL Act Now

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF My Office Sdk
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-40441 MEDIUM This Month

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-47066 npm HIGH POC PATCH THREAT This Week

Lobe Chat is an open-source artificial intelligence chat framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Lobe Chat
NVD GitHub
CVSS 3.1
8.8
EPSS
11.0%
CVE-2024-43989 HIGH Act Now

Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid justified-image-grid.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 13.8% and no vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
7.5
EPSS
13.8%
CVE-2024-46984 Maven CRITICAL PATCH Act Now

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Reference Validator
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-38183 CRITICAL PATCH Act Now

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Groupme
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-47049 PHP HIGH PATCH This Week

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal PHP File Handling
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-6587 PyPI HIGH POC PATCH THREAT MAL This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Authentication Bypass Litellm
NVD GitHub
CVSS 3.1
7.5
EPSS
37.2%
CVE-2024-8635 MEDIUM This Month

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-44677 CRITICAL POC Act Now

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Java Eladmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44721 CRITICAL POC Act Now

SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-40718 HIGH This Week

A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Privilege Escalation
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2024-24759 PyPI CRITICAL POC PATCH Act Now

MindsDB is a platform for building artificial intelligence from enterprise data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Denial Of Service Mindsdb
NVD GitHub
CVSS 3.1
9.1
EPSS
4.9%
CVE-2024-45507 CRITICAL POC PATCH THREAT Act Now

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.12.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Code Injection Apache RCE Ofbiz
NVD
CVSS 3.1
9.8
EPSS
93.2%
CVE-2024-6586 HIGH POC This Week

Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.3
EPSS
1.8%
CVE-2024-45302 NuGet HIGH POC PATCH This Week

RestSharp is a Simple REST and HTTP API Client for .NET. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Restsharp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-43371 PyPI MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ckan
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-43379 Go LOW PATCH Monitor

TruffleHog is a secrets scanning tool. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Trufflehog
NVD GitHub
CVSS 3.1
3.1
EPSS
0.3%
CVE-2024-22219 MEDIUM This Month

XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XXE
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-22218 HIGH This Week

XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XXE
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22217 MEDIUM This Month

A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Terminalfour
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7743 MEDIUM POC This Month

A vulnerability was found in wanglongcn ltcms 1.0.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ltcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-7742 MEDIUM POC This Month

A vulnerability was found in wanglongcn ltcms 1.0.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ltcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-7740 MEDIUM POC This Month

A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ltcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-38109 HIGH PATCH This Week

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSRF Microsoft Azure Health Bot
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-41737 MEDIUM This Month

SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP Crm Abap Insights Management
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-41651 HIGH POC This Week

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF RCE Prestashop
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-42467 Maven CRITICAL PATCH Act Now

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF RCE XSS Openhab Web Interface
NVD GitHub
CVSS 3.1
10.0
EPSS
1.0%
CVE-2024-41570 CRITICAL POC Act Now

An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Havoc
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-39338 npm HIGH POC PATCH MAL This Week

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Axios
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-6893 HIGH POC THREAT This Week

The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Journyx
NVD
CVSS 3.1
7.5
EPSS
32.9%
CVE-2024-6522 CRITICAL Act Now

The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Modern Events Calendar Modern Events Calendar Lite
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-38206 MEDIUM PATCH This Month

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF Microsoft Copilot Studio
NVD
CVSS 3.1
6.5
EPSS
12.3%
CVE-2024-42352 npm HIGH POC PATCH This Week

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Nuxt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-36448 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench.13.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Iotdb Workbench
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2024-39713 npm HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Rocket Chat
NVD
CVSS 3.1
8.6
EPSS
3.2%
CVE-2024-39637 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in pixelcurve Edubin edubin.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-38791 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows Server Side Request Forgery.4.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ai Engine
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-38746 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MakeStories Team MakeStories (for Google Web Stories) allows Path Traversal, Server Side Request. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Path Traversal Google
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-2090 MEDIUM This Month

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Remote Content Shortcode
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-7330 MEDIUM POC This Month

A vulnerability has been found in YouDianCMS 7 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Youdiancms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6980 CRITICAL Act Now

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Information Disclosure Gravityzone
NVD
CVSS 4.0
9.2
EPSS
0.6%
CVE-2024-41305 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Wondercms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-41120 CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Streamlit Geospatial
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-41118 CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Streamlit Geospatial
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-41813 HIGH POC PATCH This Week

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Txtdot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-41812 HIGH POC PATCH This Week

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Txtdot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-6922 MEDIUM POC THREAT This Month

Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
6.9
EPSS
30.2%
CVE-2024-41668 HIGH This Week

The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Nginx
NVD GitHub
CVSS 3.1
8.3
EPSS
0.6%
CVE-2024-41664 MEDIUM This Month

Canarytokens help track activity and actions on a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Docker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-4260 MEDIUM POC This Month

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Coblocks
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-38730 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor.1.41. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Magical Addons For Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-38728 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source.DOCX Source: from n/a through 2.16.9. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Seraphinite Post Docx Source
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-38723 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer.5.6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Json Content Importer
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-37942 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP.7.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Berqwp
NVD
CVSS 3.1
7.2
EPSS
0.3%
EPSS 0% CVSS 9.1
CRITICAL Act Now

hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\apps\\tool\\apis\\bd_push.py does not securely filter user input through. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 2.7
LOW Monitor

Northern.tech Hosted Mender before 2024.07.11 allows SSRF. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Logpoint before 7.5.0. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

SSRF Authentication Bypass Siem
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cisco XXE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Combodo iTop is a simple, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Itop
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes (Header, HeaderCollection and Authorize) are vulnerable to CRLF injection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gradio
NVD GitHub
EPSS 35% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Server Side Request Forgery.2.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Epss exploitation probability 35.4% and no vendor patch available.

SSRF Elementor
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Appsmith
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Redirect Nginx
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Qualitor
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Eladmin
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/upload path. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Sparkshop
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC This Week

newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Newbee Mall
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

An issue was discovered in mipjz 5.0.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM POC This Month

An issue was found in mipjz 5.0.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mipjz
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE File Upload
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF RCE Path Traversal +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cisco Secure Firewall Management Center
NVD
EPSS 20% CVSS 8.8
HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XSS +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge.0.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Open Redirect Jetty
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Jpress
NVD GitHub
EPSS 1% CVSS 5.8
MEDIUM POC PATCH This Month

Plane is an open-source project management tool. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Plane
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Python Gradio
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce +2
NVD
EPSS 47% CVSS 7.5
HIGH This Week

Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Ivanti Avalanche
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE PHP +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ada
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mattermost Oracle +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF My Office Sdk
NVD
EPSS 1% CVSS 6.6
MEDIUM This Month

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD GitHub
EPSS 11% CVSS 8.8
HIGH POC PATCH THREAT This Week

Lobe Chat is an open-source artificial intelligence chat framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Lobe Chat
NVD GitHub
EPSS 14% CVSS 7.5
HIGH Act Now

Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid justified-image-grid.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 13.8% and no vendor patch available.

SSRF
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Reference Validator
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Groupme
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal PHP +1
NVD GitHub
EPSS 37% CVSS 7.5
HIGH POC PATCH THREAT This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Authentication Bypass Litellm
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Java +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Seacms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Privilege Escalation
NVD
EPSS 5% CVSS 9.1
CRITICAL POC PATCH Act Now

MindsDB is a platform for building artificial intelligence from enterprise data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Denial Of Service Mindsdb
NVD GitHub
EPSS 93% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.12.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Code Injection Apache +2
NVD
EPSS 2% CVSS 7.3
HIGH POC This Week

Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

RestSharp is a Simple REST and HTTP API Client for .NET. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Restsharp
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ckan
NVD GitHub
EPSS 0% CVSS 3.1
LOW PATCH Monitor

TruffleHog is a secrets scanning tool. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Trufflehog
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XXE
NVD
EPSS 1% CVSS 8.8
HIGH This Week

XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XXE
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Terminalfour
NVD
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in wanglongcn ltcms 1.0.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ltcms
NVD GitHub VulDB
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in wanglongcn ltcms 1.0.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ltcms
NVD GitHub VulDB
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ltcms
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSRF Microsoft Azure Health Bot
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP +1
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF RCE Prestashop
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF RCE XSS +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Havoc
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Axios
NVD GitHub
EPSS 33% CVSS 7.5
HIGH POC THREAT This Week

The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Journyx
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Modern Events Calendar +1
NVD
EPSS 12% CVSS 6.5
MEDIUM PATCH This Month

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF Microsoft Copilot Studio
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Nuxt
NVD GitHub
EPSS 1% CVSS 7.3
HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench.13.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Iotdb Workbench
NVD
EPSS 3% CVSS 8.6
HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Rocket Chat
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in pixelcurve Edubin edubin.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows Server Side Request Forgery.4.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ai Engine
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MakeStories Team MakeStories (for Google Web Stories) allows Path Traversal, Server Side Request. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Path Traversal Google
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Remote Content Shortcode
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in YouDianCMS 7 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Youdiancms
NVD VulDB
EPSS 1% CVSS 9.2
CRITICAL Act Now

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Information Disclosure Gravityzone
NVD
EPSS 0% CVSS 4.7
MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Wondercms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Streamlit Geospatial
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Streamlit Geospatial
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Txtdot
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Txtdot
NVD GitHub
EPSS 30% CVSS 6.9
MEDIUM POC THREAT This Month

Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 1% CVSS 8.3
HIGH This Week

The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Nginx
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Canarytokens help track activity and actions on a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Docker
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Coblocks
NVD WPScan
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor.1.41. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Magical Addons For Elementor
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source.DOCX Source: from n/a through 2.16.9. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Seraphinite Post Docx Source
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer.5.6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Json Content Importer
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP.7.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Berqwp
NVD
Prev Page 19 of 32 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy