Skip to main content

SSRF

2868 CVEs technique

Monthly

CVE-2023-35175 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE HP W1A75A Firmware W1A76A Firmware +36
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-3432 Maven CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Plantuml Fedora
NVD GitHub
CVSS 3.1
10.0
EPSS
0.9%
CVE-2023-33176 MEDIUM PATCH This Month

BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Bigbluebutton
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-36661 HIGH POC Act Now

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Xmltooling Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2023-35133 PHP HIGH PATCH This Week

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Moodle
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-26435 MEDIUM This Month

It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite Backend
NVD
CVSS 3.1
5.0
EPSS
0.8%
CVE-2023-26431 MEDIUM This Month

IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite Backend
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-24243 HIGH POC This Week

CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Arc
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2023-29292 PHP MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Magento
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2023-29291 PHP MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Magento
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-21105 MEDIUM PATCH This Month

In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-3238 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62.php?mudi=getSignal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Otcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3236 HIGH POC This Week

A vulnerability classified as critical has been found in mccms up to 2.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mccms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3235 HIGH POC This Week

A vulnerability was found in mccms up to 2.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mccms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3233 HIGH POC This Week

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Crmeb
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-25609 MEDIUM This Month

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-3188 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Owncast
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-2249 HIGH PATCH Act Now

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 48.2%.

Deserialization WordPress PHP SSRF RCE +2
NVD VulDB
CVSS 3.1
8.8
EPSS
48.2%
CVE-2023-1895 HIGH This Week

The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Getwid
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-32750 MEDIUM POC This Month

Pydio Cells through 4.1.2 allows SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cells
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
3.8%
CVE-2023-34959 MEDIUM PATCH This Month

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-32683 PyPI MEDIUM PATCH This Month

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python SSRF Authentication Bypass Synapse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3121 MEDIUM POC This Month

A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dahua SSRF Smart Parking Management
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.5%
CVE-2023-28824 MEDIUM This Month

Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Conprosys Hmi System
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-23955 HIGH This Week

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Advanced Secure Gateway Content Analysis
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-3015 CRITICAL Act Now

A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Vip Video Analysis
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-2287 MEDIUM POC This Month

The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Orbitfox
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-1938 HIGH POC This Week

The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress CSRF Wp Fastest Cache
NVD WPScan
CVSS 3.1
8.8
EPSS
8.5%
CVE-2023-2927 CRITICAL POC Act Now

A vulnerability was found in JIZHICMS 2.4.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Jizhicms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33184 MEDIUM PATCH This Month

Nextcloud Mail is a mail app in Nextcloud. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32348 MEDIUM This Month

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Remote Management System
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2023-20174 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE SSRF Identity Services Engine
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-20173 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE SSRF Identity Services Engine
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-31848 HIGH This Week

davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Davinci
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-23169 MEDIUM POC This Month

Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal SSRF Pdfocus
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-24954 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-30019 Go MEDIUM POC PATCH This Month

imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Imgproxy
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-30444 MEDIUM PATCH This Month

IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Watson Machine Learning On Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-26735 HIGH This Week

blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Blackbox Exporter
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2140 HIGH This Week

A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Delmia Apriso
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-25504 PyPI MEDIUM PATCH This Month

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Superset
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-28288 HIGH POC PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Microsoft Sharepoint Foundation Sharepoint Server
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
6.2%
CVE-2023-1971 PHP MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Tpadmin
NVD VulDB
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-29010 MEDIUM PATCH This Month

Budibase is a low code platform for creating internal tools, workflows, and admin panels. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Budibase
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-29008 npm HIGH PATCH This Week

The SvelteKit framework offers developers an option to create simple REST APIs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Google SSRF Apple Authentication Bypass Mozilla +2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-28633 MEDIUM PATCH This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-20030 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE SSRF Identity Services Engine
NVD
CVSS 3.1
6.0
EPSS
0.8%
CVE-2023-27163 Go MEDIUM POC This Month

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Request Baskets
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
7.5%
CVE-2023-27162 Maven CRITICAL POC Act Now

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Openapi Generator
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-27160 HIGH POC This Week

forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Forem
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-27159 PHP HIGH POC THREAT Act Now

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.2%.

SSRF Appwrite
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
36.2%
Threat
4.1
CVE-2023-1725 CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery.09.31.125. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Project Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-25195 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Fineract
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-25262 HIGH POC This Week

Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Designer
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-1634 CRITICAL POC Act Now

A vulnerability was found in OTCMS 6.72. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Otcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27586 PyPI HIGH POC PATCH This Week

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Denial Of Service Cairosvg
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-28112 HIGH PATCH This Week

Discourse is an open-source discussion platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Discourse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-28111 HIGH PATCH This Week

Discourse is an open-source discussion platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28155 npm MEDIUM POC PATCH This Month

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js SSRF Request
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-27896 HIGH This Week

In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP SSRF Businessobjects Business Intelligence
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-27271 HIGH This Week

In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP SSRF Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-26459 HIGH This Week

Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP SSRF Netweaver Application Server Abap
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-27161 HIGH POC This Week

Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jellyfin
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25230 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hook_url parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Loonflow
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-26492 npm HIGH POC PATCH This Week

Directus is a real-time API and App dashboard for managing SQL database content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Information Disclosure Directus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-20062 MEDIUM This Month

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SSRF Cisco Packaged Contact Center Enterprise Unified Contact Center Enterprise +2
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-20061 MEDIUM This Month

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SSRF Cisco Packaged Contact Center Enterprise Unified Contact Center Enterprise +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-1046 HIGH POC This Week

A vulnerability classified as critical has been found in MuYuCMS 2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Muyucms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-22936 MEDIUM This Month

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk SSRF Splunk Cloud Platform
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-25162 MEDIUM POC This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-45085 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.01.01. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Smartpower Web
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-25557 CRITICAL Act Now

DataHub is an open-source metadata platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Datahub
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-0574 CRITICAL Act Now

Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Yugabytedb Managed
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-23943 MEDIUM POC PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-24623 Go HIGH PATCH This Week

Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Paranoidhttp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-24622 PyPI MEDIUM POC PATCH This Month

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Python Safeurl Python
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-24060 MEDIUM POC This Month

Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Haven
NVD GitHub
CVSS 3.1
5.0
EPSS
0.5%
CVE-2023-24495 MEDIUM PATCH This Month

A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Tenable Sc
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-24429 Maven CRITICAL PATCH Act Now

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Semantic Versioning
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-23560 CRITICAL Act Now

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF B2236 Firmware B2338 Firmware B2442 Firmware B2546 Firmware +124
NVD
CVSS 3.1
9.8
EPSS
15.0%
CVE-2021-37498 MEDIUM This Month

An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Reprise License Manager
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-20002 MEDIUM This Month

A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

SSRF Cisco Roomos Telepresence Collaboration Endpoint
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-22493 npm HIGH POC PATCH This Week

RSSHub is an open source RSS feed generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Rsshub
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-21761 HIGH This Week

Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-38212 HIGH This Week

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Portal For Arcgis
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-38211 HIGH This Week

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Portal For Arcgis
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-38203 HIGH This Week

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Portal For Arcgis
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-23544 MEDIUM POC PATCH This Month

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF XSS Metersphere
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-45429 HIGH PATCH This Week

Some Dahua software products have a vulnerability of server-side request forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Dahua Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-4725 Maven CRITICAL PATCH Act Now

A vulnerability was found in AWS SDK 2.59.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Java SSRF Google Aws Software Development Kit
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE HP +38
NVD
EPSS 1% CVSS 10.0
CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Plantuml Fedora
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Bigbluebutton
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC Act Now

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Xmltooling +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Moodle
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite Backend
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite Backend
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Arc
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Google Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62.php?mudi=getSignal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Otcms
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical has been found in mccms up to 2.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mccms
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in mccms up to 2.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mccms
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Crmeb
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Fortianalyzer Fortimanager
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Owncast
NVD GitHub
EPSS 48% CVSS 8.8
HIGH PATCH Act Now

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 48.2%.

Deserialization WordPress PHP +4
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Getwid
NVD
EPSS 4% CVSS 6.5
MEDIUM POC This Month

Pydio Cells through 4.1.2 allows SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cells
NVD Exploit-DB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Chamilo Lms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python SSRF Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC This Month

A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dahua SSRF Smart Parking Management
NVD GitHub VulDB
EPSS 1% CVSS 4.9
MEDIUM This Month

Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Conprosys Hmi System
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Advanced Secure Gateway Content Analysis
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Vip Video Analysis
NVD GitHub VulDB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Orbitfox
NVD WPScan
EPSS 8% CVSS 8.8
HIGH POC This Week

The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress CSRF +1
NVD WPScan
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in JIZHICMS 2.4.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Jizhicms
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Nextcloud Mail is a mail app in Nextcloud. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
EPSS 1% CVSS 5.8
MEDIUM This Month

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Remote Management System
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE SSRF +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE SSRF +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Davinci
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal SSRF Pdfocus
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Microsoft +14
NVD
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Imgproxy
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Watson Machine Learning On Cloud Pak For Data
NVD
EPSS 1% CVSS 7.5
HIGH This Week

blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Blackbox Exporter
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH This Week

A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Delmia Apriso
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Superset
NVD
EPSS 6% CVSS 8.1
HIGH POC PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Microsoft Sharepoint Foundation +1
NVD Exploit-DB
EPSS 1% CVSS 4.9
MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Tpadmin
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Budibase is a low code platform for creating internal tools, workflows, and admin panels. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Budibase
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The SvelteKit framework offers developers an option to create simple REST APIs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Google SSRF Apple +4
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Glpi
NVD GitHub
EPSS 1% CVSS 6.0
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE SSRF +1
NVD
EPSS 7% CVSS 6.5
MEDIUM POC This Month

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Request Baskets
NVD GitHub VulDB
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Openapi Generator
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Forem
NVD GitHub VulDB
EPSS 36% 4.1 CVSS 7.5
HIGH POC THREAT Act Now

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.2%.

SSRF Appwrite
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery.09.31.125. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Project Management System
NVD VulDB
EPSS 1% CVSS 8.1
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Fineract
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Designer
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in OTCMS 6.72. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Otcms
NVD GitHub VulDB
EPSS 1% CVSS 7.1
HIGH POC PATCH This Week

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Denial Of Service Cairosvg
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Discourse is an open-source discussion platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Discourse
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Discourse is an open-source discussion platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Discourse
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js SSRF Request
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP SSRF Businessobjects Business Intelligence
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP SSRF Businessobjects Business Intelligence Platform
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP SSRF Netweaver Application Server Abap
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jellyfin
NVD GitHub VulDB
EPSS 1% CVSS 4.9
MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hook_url parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Loonflow
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Directus is a real-time API and App dashboard for managing SQL database content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Information Disclosure Directus
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SSRF Cisco +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SSRF Cisco +4
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical has been found in MuYuCMS 2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Muyucms
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk SSRF Splunk Cloud Platform
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Nextcloud Nextcloud Server
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.01.01. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Smartpower Web
NVD VulDB
EPSS 1% CVSS 9.1
CRITICAL Act Now

DataHub is an open-source metadata platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Datahub
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Yugabytedb Managed
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Nextcloud Mail
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Paranoidhttp
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Python Safeurl Python
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM POC This Month

Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Haven
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Tenable Sc
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE SSRF +1
NVD
EPSS 15% CVSS 9.8
CRITICAL Act Now

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF B2236 Firmware B2338 Firmware +126
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Reprise License Manager
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

SSRF Cisco Roomos +1
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

RSSHub is an open source RSS feed generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Rsshub
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure Microsoft +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Portal For Arcgis
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Portal For Arcgis
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Portal For Arcgis
NVD
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF XSS Metersphere
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Some Dahua software products have a vulnerability of server-side request forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Dahua Dss Express +4
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability was found in AWS SDK 2.59.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Java SSRF Google +1
NVD GitHub VulDB
Prev Page 24 of 32 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy