Skip to main content

SSRF

2868 CVEs technique

Monthly

CVE-2024-34453 MEDIUM This Month

TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-3047 HIGH PATCH This Week

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Woocommerce Pdf Invoices Packing Slips
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-23336 MEDIUM PATCH This Month

MyBB is a free and open source forum software. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

SSRF PHP Mybb
NVD GitHub
CVSS 3.1
5.0
EPSS
0.5%
CVE-2024-33832 MEDIUM POC This Month

OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-2663 HIGH This Week

The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2024-0216 MEDIUM This Month

The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress SSRF
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-33449 CRITICAL Act Now

An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE CSRF
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-33590 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in codeSavory Knowledge Base documentation & wiki plugin - BasePress.16.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-33634 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.1.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-33629 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail).0.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-33627 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.2.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-33592 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.0.73. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32812 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.0.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Podlove Podcast Publisher
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32803 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon SuperFaktura WooCommerce.40.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-32775 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.1.9. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Google
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-32718 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.0.8.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF The Pack Elementor Addons Elementor
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-32955 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.5.43.7212. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-32819 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Culqi.0.14. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-32407 HIGH POC This Week

An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Relate
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-27347 Maven MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.0.0 before 1.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Hugegraph Hubble
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2024-31993 MEDIUM PATCH This Month

Mealie is a self hosted recipe manager and meal planner. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Mealie
NVD GitHub
CVSS 3.1
4.5
EPSS
0.4%
CVE-2024-31991 LOW PATCH Monitor

Mealie is a self hosted recipe manager and meal planner. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Mealie
NVD GitHub
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-29029 Go MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF XSS Memos
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-3684 HIGH This Week

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Enterprise Server
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-29030 Go MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Memos
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-29028 Go MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Memos
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2024-2796 CRITICAL Act Now

A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
9.3
EPSS
0.4%
CVE-2024-29021 CRITICAL Act Now

Judge0 is an open-source online code execution system. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF RCE
NVD GitHub
CVSS 3.1
9.0
EPSS
20.2%
CVE-2024-31229 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.2.3. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-29035 NuGet MEDIUM PATCH This Month

Umbraco is an ASP.NET CMS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Umbraco Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-6805 MEDIUM PATCH This Month

The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Rss Aggregator By Feedzy
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-22329 MEDIUM This Month

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF IBM Websphere Application Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-22354 HIGH This Week

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM SSRF XXE Websphere Application Server
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2024-30256 MEDIUM POC This Month

Open WebUI is a user-friendly WebUI for LLMs. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Webui
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-22262 Maven HIGH PATCH This Week

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Java Open Redirect
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-1183 PyPI MEDIUM POC PATCH This Month

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Open Redirect Gradio
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2024-32430 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.1.14. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Activecampaign
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-32454 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more - Wappointment.6.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-31461 CRITICAL Act Now

Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-27477 MEDIUM POC This Month

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Leantime
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3448 MEDIUM This Month

Users with low privileges can perform certain AJAX actions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-2343 MEDIUM POC This Month

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SSRF Avada
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1812 HIGH PATCH This Week

The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF WordPress Everest Forms
NVD VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-6964 HIGH This Week

The Gutenberg Blocks by Kadence Blocks - Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Gutenberg Blocks With Ai
NVD VulDB
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-2223 CRITICAL Act Now

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay.0.5.200089 Bitdefender. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Endpoint Security Gravityzone Control Center
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-1233 Maven HIGH This Week

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-27898 MEDIUM This Month

SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Netweaver
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-31288 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize.2.11. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-27620 HIGH POC This Week

An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-31215 PyPI MEDIUM PATCH This Month

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Apple Google Microsoft Mobile Security Framework
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-29007 HIGH This Week

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cloudstack
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-20332 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cisco Identity Services Engine
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-25864 CRITICAL Act Now

Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE PHP
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-30532 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Builderall Builder for WordPress.0.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-30531 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.2.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-24888 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.2.25. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-25187 HIGH POC This Week

Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF 71Cms
NVD GitHub
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-30453 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.6.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-27775 HIGH This Week

SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-50374 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP - Coming Soon & Maintenance.1.10. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-29090 MEDIUM POC This Month

Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.1.4. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ai Engine
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-23500 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.2.19. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
7.7
EPSS
0.7%
CVE-2023-39313 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.11.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Avada
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2023-36679 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.6.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Spectra
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-34370 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates - Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.2.4; Premium. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-0677 MEDIUM POC This Month

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Pz Linkcard
NVD WPScan
CVSS 3.1
5.1
EPSS
0.3%
CVE-2024-2206 PyPI MEDIUM POC PATCH This Month

An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Gradio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-28435 MEDIUM POC This Month

The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF File Upload Twenty
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29190 PyPI HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Google Mobile Security Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2828 HIGH POC This Week

A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Easyadmin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2827 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Easyadmin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-27927 npm MEDIUM POC PATCH This Month

RSSHub is an open source RSS feed generator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Denial Of Service Rsshub
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-24028 MEDIUM This Month

Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Likeshop
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-25294 CRITICAL Act Now

An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Rebuild
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-27098 CRITICAL PATCH Act Now

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Glpi
NVD GitHub
CVSS 3.1
9.6
EPSS
35.7%
CVE-2024-22259 Maven HIGH PATCH This Week

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Java Open Redirect Spring Framework Active Iq Unified Manager
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2024-28752 Maven CRITICAL POC PATCH Act Now

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Cxf Oncommand Workflow Automation Ontap Tools
NVD
CVSS 3.1
9.3
EPSS
5.8%
CVE-2024-1884 MEDIUM This Month

This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.5
EPSS
37.9%
CVE-2024-28668 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2049 MEDIUM This Month

Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Citrix Sd Wan 1000 Firmware Sd Wan 110 Firmware Sd Wan 1100 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-28198 HIGH PATCH This Week

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Openolat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-27707 MEDIUM This Month

Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-28216 MEDIUM This Month

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure SSRF Ngrinder
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28215 HIGH This Week

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure SSRF Ngrinder
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-27565 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Chatgpt Wechat Personal
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-27564 MEDIUM POC THREAT This Month

pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Chatgpt
NVD GitHub
CVSS 3.1
6.5
EPSS
40.6%
CVE-2024-27563 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Wondercms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-27561 HIGH POC This Week

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Wondercms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-26469 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF CSRF Denial Of Service Product Designer
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-2057 PyPI CRITICAL POC PATCH Act Now

A vulnerability was found in LangChain langchain_community 0.0.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Langchain
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
EPSS 0% CVSS 4.3
MEDIUM This Month

TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Woocommerce Pdf Invoices Packing Slips
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

MyBB is a free and open source forum software. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

SSRF PHP Mybb
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM POC This Month

OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub
EPSS 0% CVSS 8.3
HIGH This Week

The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress SSRF
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE CSRF
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in codeSavory Knowledge Base documentation & wiki plugin - BasePress.16.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.1.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail).0.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.2.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.0.73. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.0.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Podlove Podcast Publisher
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon SuperFaktura WooCommerce.40.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.1.9. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Google
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.0.8.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF The Pack Elementor Addons Elementor
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.5.43.7212. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Culqi.0.14. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Relate
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.0.0 before 1.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Hugegraph Hubble
NVD
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

Mealie is a self hosted recipe manager and meal planner. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Mealie
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Mealie is a self hosted recipe manager and meal planner. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Mealie
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF XSS Memos
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Enterprise Server
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Memos
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Memos
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 20% CVSS 9.0
CRITICAL Act Now

Judge0 is an open-source online code execution system. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF RCE
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.2.3. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Umbraco is an ASP.NET CMS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Umbraco Cms
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Rss Aggregator By Feedzy
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF IBM Websphere Application Server
NVD
EPSS 1% CVSS 7.0
HIGH This Week

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM SSRF XXE +1
NVD
EPSS 0% CVSS 6.4
MEDIUM POC This Month

Open WebUI is a user-friendly WebUI for LLMs. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Webui
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Java Open Redirect
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Open Redirect Gradio
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.1.14. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Activecampaign
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more - Wappointment.6.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Authentication Bypass
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Leantime
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

Users with low privileges can perform certain AJAX actions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.4
MEDIUM POC This Month

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SSRF Avada
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF WordPress Everest Forms
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

The Gutenberg Blocks by Kadence Blocks - Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Gutenberg Blocks With Ai
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay.0.5.200089 Bitdefender. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Endpoint Security +1
NVD
EPSS 1% CVSS 7.3
HIGH This Week

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Netweaver
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize.2.11. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD Exploit-DB VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Apple Google +2
NVD GitHub
EPSS 1% CVSS 7.3
HIGH This Week

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cloudstack
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cisco Identity Services Engine
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE PHP
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Builderall Builder for WordPress.0.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF WordPress
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.2.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.2.25. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
EPSS 1% CVSS 8.6
HIGH POC This Week

Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF 71Cms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.6.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 1% CVSS 7.2
HIGH This Week

SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP - Coming Soon & Maintenance.1.10. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 1% CVSS 6.8
MEDIUM POC This Month

Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.1.4. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ai Engine
NVD
EPSS 1% CVSS 7.7
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.2.19. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.11.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Avada
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.6.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Spectra
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates - Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.2.4; Premium. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF WordPress
NVD
EPSS 0% CVSS 5.1
MEDIUM POC This Month

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Pz Linkcard
NVD WPScan
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Gradio
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF File Upload Twenty
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Google Mobile Security Framework
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Easyadmin
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Easyadmin
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

RSSHub is an open source RSS feed generator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Denial Of Service Rsshub
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Likeshop
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Rebuild
NVD GitHub VulDB
EPSS 36% CVSS 9.6
CRITICAL PATCH Act Now

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Glpi
NVD GitHub
EPSS 3% CVSS 8.1
HIGH PATCH This Week

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Java Open Redirect +2
NVD
EPSS 6% CVSS 9.3
CRITICAL POC PATCH Act Now

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Cxf +2
NVD
EPSS 38% CVSS 6.5
MEDIUM This Month

This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Papercut Mf Papercut Ng
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP CSRF +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Citrix Sd Wan 1000 Firmware +11
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Openolat
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure SSRF +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure SSRF +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Chatgpt Wechat Personal
NVD GitHub
EPSS 41% CVSS 6.5
MEDIUM POC THREAT This Month

pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Chatgpt
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Wondercms
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Wondercms
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF CSRF Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

A vulnerability was found in LangChain langchain_community 0.0.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Langchain
NVD GitHub VulDB
Prev Page 21 of 32 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy