Skip to main content

SSRF

2868 CVEs technique

Monthly

CVE-2024-38758 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.0.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-29736 Maven CRITICAL PATCH Act Now

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Cxf
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-21527 Go HIGH POC PATCH This Week

Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.6%
CVE-2024-40642 Maven HIGH POC PATCH This Week

The netty incubator codec.bhttp is a java language binary http parser. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSRF Java Netty Incubator Codec Ohttp
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-30125 MEDIUM This Month

HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required. No vendor patch available.

SSRF Bigfix Compliance
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-31979 LIB MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Apache Streampipes
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-40632 Go LOW PATCH Monitor

Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Kubernetes
NVD GitHub
CVSS 3.1
3.7
EPSS
0.4%
CVE-2024-36458 MEDIUM This Month

The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-39739 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Datacap Datacap Navigator
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-40544 HIGH POC This Week

PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Publiccms
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-40543 HIGH POC This Week

PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Publiccms
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-32987 HIGH PATCH This Week

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Microsoft Sharepoint Server
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-37171 MEDIUM This Month

SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Saptmui Transportation Management
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-34689 MEDIUM This Month

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP Business Workflow Sap Basis
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-39598 HIGH This Week

SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP Customer Relationship Management S4Fnd Customer Relationship Management Webclient Ui
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-39699 npm MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Directus
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-31897 MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-6095 MEDIUM POC PATCH This Month

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Authentication Bypass Localai
NVD GitHub
CVSS 3.1
5.8
EPSS
2.5%
CVE-2024-37260 CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.3.5. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Foxiz
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-37208 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-34361 HIGH POC PATCH This Week

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Pi Hole
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2024-39687 npm HIGH PATCH This Week

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-29319 CRITICAL POC Act Now

Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-6524 PHP MEDIUM POC This Month

A vulnerability was found in ShopXO up to 6.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP CSRF Shopxo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-37157 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6424 HIGH This Week

External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mesbook
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-38514 HIGH POC This Week

NextChat is a cross-platform ChatGPT/Gemini UI. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.4
EPSS
2.2%
CVE-2024-5736 HIGH POC This Week

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla!. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF PHP Admirorframes
NVD GitHub
CVSS 4.0
8.2
EPSS
1.2%
CVE-2024-5885 HIGH POC This Week

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Quivr
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-5822 PyPI CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Chuanhuchatgpt
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-5820 HIGH POC This Week

An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SSRF Devika
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-37098 CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.2.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Blossomthemes Email Newsletter
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-34581 HIGH This Week

The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-34580 MEDIUM This Month

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

SSRF Apache
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-29173 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Dell Data Domain Operating System
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-5015 HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5014 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-4940 PyPI MEDIUM POC This Month

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Open Redirect Gradio
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-5746 HIGH This Week

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE Enterprise Server
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-37818 npm HIGH POC This Week

Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Strapi
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-5021 CRITICAL Act Now

The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
9.3
EPSS
0.7%
CVE-2023-6696 HIGH PATCH This Week

The Popup Builder - Create highly converting, mobile friendly marketing popups. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress SSRF Popup Builder
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-4404 HIGH This Week

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Elementskit
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-37164 HIGH PATCH This Week

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft Computer Vision Annotation Tool
NVD GitHub
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-34111 PHP HIGH PATCH This Week

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Commerce Webhooks Magento
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-36414 MEDIUM This Month

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Suitecrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-4354 MEDIUM PATCH This Month

The TablePress - Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Tablepress
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2024-5328 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lunary
NVD
CVSS 3.1
9.3
EPSS
0.4%
CVE-2024-5186 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Authentication Bypass File Upload Privategpt
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-4851 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Quivr
NVD
CVSS 3.1
7.7
EPSS
0.6%
CVE-2024-3149 HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Nginx Anythingllm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-3095 PyPI HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Langchain
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2024-5482 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Lollms Web Ui
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-4325 PyPI HIGH POC THREAT This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Gradio
NVD
CVSS 3.1
8.6
EPSS
37.4%
CVE-2024-3152 HIGH POC PATCH This Week

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Anythingllm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-4177 CRITICAL Act Now

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-20404 MEDIUM POC THREAT This Month

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cisco Finesse
NVD
CVSS 3.1
5.3
EPSS
21.7%
CVE-2024-5526 CRITICAL Act Now

Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Grafana Oncall
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-4084 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Anythingllm
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-36675 CRITICAL POC Act Now

LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lylme Spage
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2024-4219 CRITICAL Act Now

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Beyondinsight
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-35635 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.0.9. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ninja Tables
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-35633 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Creative Themes Blocksy Companion blocksy-companion.0.42. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-35637 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in andy_moyle Church Admin church-admin.3.6. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

SSRF
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-7073 MEDIUM This Month

The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the upload_to_library AJAX action. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4469 HIGH POC This Week

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Wp Staging
NVD WPScan
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-29415 npm HIGH This Week

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Node.js
NVD GitHub
CVSS 3.1
8.1
EPSS
8.3%
CVE-2024-4399 CRITICAL POC Act Now

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Central Authentication Service
NVD WPScan
CVSS 3.1
9.1
EPSS
1.8%
CVE-2024-1855 MEDIUM PATCH This Month

The WPCafe - Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Wpcafe
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-25738 PHP CRITICAL PATCH Act Now

A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE PHP
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-25737 PHP MEDIUM PATCH This Month

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-5031 HIGH This Week

The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Memberpress
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-30420 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF A Blog Cms
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-32830 HIGH PATCH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.8.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Path Traversal Buddyforms
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-4789 MEDIUM This Month

Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-27954 CRITICAL POC THREAT Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.92.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal
NVD
CVSS 3.1
9.3
EPSS
73.0%
CVE-2024-3970 HIGH This Week

Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Information Disclosure Imanager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-3485 HIGH This Week

Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure Imanager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-4894 MEDIUM This Month

ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-4562 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-4561 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-0862 MEDIUM This Month

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-33864 MEDIUM This Month

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Linqi
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-35172 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.8.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-34351 npm HIGH POC PATCH This Week

Next.js is a React framework that can provide building blocks to create web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
5.5%
CVE-2024-33250 HIGH This Week

An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-32964 npm CRITICAL POC PATCH THREAT Act Now

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Lobe Chat
NVD GitHub
CVSS 3.1
9.0
EPSS
52.7%
CVE-2024-1467 MEDIUM This Month

The Starter Templates - Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-33857 CRITICAL Act Now

An issue was discovered in Logpoint before 7.4.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Siem
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-33117 MEDIUM This Month

crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Crmeb Java
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.0.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Cxf
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF
NVD GitHub VulDB
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

The netty incubator codec.bhttp is a java language binary http parser. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSRF Java Netty Incubator Codec Ohttp
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required. No vendor patch available.

SSRF Bigfix Compliance
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Apache Streampipes
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Kubernetes
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM This Month

The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Datacap +1
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Publiccms
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Publiccms
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Saptmui +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP +2
NVD
EPSS 0% CVSS 7.7
HIGH This Week

SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP +2
NVD
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Directus
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Cloud Pak For Business Automation
NVD
EPSS 2% CVSS 5.8
MEDIUM POC PATCH This Month

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Authentication Bypass Localai
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.3.5. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Foxiz
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Pi Hole
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in ShopXO up to 6.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP CSRF +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Discourse
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mesbook
NVD
EPSS 2% CVSS 7.4
HIGH POC This Week

NextChat is a cross-platform ChatGPT/Gemini UI. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
EPSS 1% CVSS 8.2
HIGH POC This Week

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla!. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF PHP Admirorframes
NVD GitHub
EPSS 1% CVSS 8.6
HIGH POC This Week

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Quivr
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Chuanhuchatgpt
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SSRF Devika
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.2.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Blossomthemes Email Newsletter
NVD
EPSS 0% CVSS 7.3
HIGH This Week

The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

SSRF Apache
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Dell Data Domain Operating System
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Open Redirect +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE Enterprise Server
NVD GitHub
EPSS 1% CVSS 8.6
HIGH POC This Week

Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Strapi
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

The Popup Builder - Create highly converting, mobile friendly marketing popups. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress SSRF +1
NVD
EPSS 0% CVSS 8.5
HIGH This Week

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Elementskit
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft Computer Vision Annotation Tool
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Suitecrm
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

The TablePress - Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Tablepress
NVD
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lunary
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Authentication Bypass +2
NVD
EPSS 1% CVSS 7.7
HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Quivr
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Nginx Anythingllm
NVD GitHub
EPSS 1% CVSS 7.7
HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Langchain
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Lollms Web Ui
NVD
EPSS 37% CVSS 8.6
HIGH POC THREAT This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Gradio
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Anythingllm
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD
EPSS 22% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cisco Finesse
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Grafana Oncall
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Anythingllm
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lylme Spage
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Beyondinsight
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.0.9. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ninja Tables
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Creative Themes Blocksy Companion blocksy-companion.0.42. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in andy_moyle Church Admin church-admin.3.6. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

SSRF
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the upload_to_library AJAX action. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Wp Staging
NVD WPScan
EPSS 8% CVSS 8.1
HIGH This Week

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Node.js
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Central Authentication Service
NVD WPScan
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The WPCafe - Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Wpcafe
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE PHP
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP XSS
NVD GitHub
EPSS 1% CVSS 8.5
HIGH This Week

The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Memberpress
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF A Blog Cms
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.8.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Path Traversal Buddyforms
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
EPSS 73% CVSS 9.3
CRITICAL POC THREAT Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.92.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure Imanager
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Linqi
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.8.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD VulDB
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

Next.js is a React framework that can provide building blocks to create web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Next Js
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE
NVD GitHub
EPSS 53% CVSS 9.0
CRITICAL POC PATCH THREAT Act Now

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Lobe Chat
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

The Starter Templates - Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

An issue was discovered in Logpoint before 7.4.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Siem
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Crmeb Java
NVD GitHub
Prev Page 20 of 32 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy