Skip to main content

SSRF

2869 CVEs technique

Monthly

CVE-2021-42637 CRITICAL POC Act Now

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Web Stack
NVD VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-0086 npm CRITICAL POC PATCH Act Now

uppy is vulnerable to Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Uppy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-44659 CRITICAL POC Act Now

Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gocd
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-22056 HIGH PATCH This Week

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Identity Manager Vrealize Automation Workspace One Access
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-44224 HIGH PATCH This Week

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Apache Denial Of Service SSRF Http Server +10
NVD
CVSS 3.1
8.2
EPSS
82.3%
CVE-2021-22054 HIGH POC KEV PATCH THREAT This Week

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Workspace One Uem Console
NVD
CVSS 3.1
7.5
EPSS
97.7%
CVE-2021-3959 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-34425 MEDIUM This Month

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Microsoft SSRF Meetings
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-39057 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Spectrum Protect Plus
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2021-39935 HIGH KEV THREAT This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
7.5
EPSS
35.6%
CVE-2021-37940 MEDIUM This Month

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure Enterprise Search
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2021-4075 PHP HIGH POC PATCH This Week

snipe-it is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Snipe It
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-40091 CRITICAL Act Now

An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Squaredup
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-29863 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Qradar Security Information And Event Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-40809 HIGH POC This Week

An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jamf
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-36327 MEDIUM This Month

Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell SSRF Emc Streaming Data Platform
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-43296 HIGH This Week

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF Manageengine Supportcenter Plus
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-22049 CRITICAL PATCH Act Now

The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-43780 HIGH PATCH This Week

Redash is a package for data visualization and sharing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Redash
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-3553 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Endpoint Security Tools Gravityzone
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3552 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Endpoint Security Tools Gravityzone
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-44147 MEDIUM POC This Month

An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Filemaker Pro Filemaker Server
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-23718 npm HIGH POC PATCH This Week

The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ssrf Agent
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-22970 PHP HIGH PATCH This Week

Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-22969 PHP MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-39303 CRITICAL POC Act Now

The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jamf
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-43576 Maven MEDIUM This Month

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Jenkins XXE Pom2Config
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2021-43562 HIGH PATCH This Week

An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

RCE SSRF Pixx Io
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-43293 MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nexus Repository Manager
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-29738 MEDIUM PATCH This Month

IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29844 HIGH PATCH This Week

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Engineering Lifecycle Optimization Engineering Requirements Quality Assistant On Premises Engineering Workflow Management +4
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-35512 MEDIUM POC This Month

An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho SSRF Manageengine Applications Manager
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-41792 MEDIUM This Month

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Alfresco Content Services Alfresco Transform Services
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25972 Ruby MEDIUM PATCH This Month

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SSRF Camaleon Cms
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2021-32663 HIGH PATCH This Week

iTop is an open source web based IT Service Management tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Itop
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-22033 LOW PATCH Monitor

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Cloud Foundation Vrealize Operations Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2021-42091 CRITICAL Act Now

An issue was discovered in Zammad before 4.1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF Zammad
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-22958 PHP CRITICAL PATCH Act Now

A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-34706 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SSRF XXE Identity Services Engine
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-39894 MEDIUM This Month

In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-39867 HIGH This Week

In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF Gitea
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-37223 MEDIUM This Month

Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Nagios Xi
NVD VulDB
CVSS 3.1
6.5
EPSS
7.5%
CVE-2021-37104 HIGH This Week

There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei SSRF P40 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-40109 MEDIUM This Month

A SSRF issue was discovered in Concrete CMS through 8.5.5. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2021-40103 HIGH This Week

An issue was discovered in Concrete CMS through 8.5.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal SSRF Concrete Cms
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-41385 MEDIUM This Month

The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Snypr
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-41587 HIGH This Week

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gradle
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-41586 HIGH This Week

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gradle
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-21993 MEDIUM PATCH This Month

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-39339 MEDIUM This Month

The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP SSRF Telefication
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-41084 Maven MEDIUM POC PATCH This Month

http4s is an open source scala interface for HTTP. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Http4S
NVD GitHub
CVSS 3.1
4.7
EPSS
1.2%
CVE-2021-37419 HIGH POC PATCH This Week

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho SSRF Manageengine Admanager Plus
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-40438 CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux Enterprise Linux Enterprise Linux Eus +35
NVD
CVSS 3.1
9.0
EPSS
100.0%
CVE-2021-33705 HIGH PATCH This Week

The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF SAP Netweaver Portal
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2021-33690 CRITICAL POC PATCH THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure SSRF SAP Netweaver Development Infrastructure
NVD
CVSS 3.1
9.9
EPSS
67.7%
CVE-2021-30137 HIGH POC This Week

Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Assyst
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2021-23029 HIGH This Week

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-28910 HIGH This Week

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Eibport Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-40537 LOW Monitor

Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF User Ldap
NVD
CVSS 3.1
2.7
EPSS
0.7%
CVE-2021-39497 CRITICAL POC Act Now

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Eyoucms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-39195 MEDIUM PATCH This Month

Misskey is an open source, decentralized microblogging platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Misskey
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-3758 MEDIUM POC PATCH This Month

bookstack is vulnerable to Server-Side Request Forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Bookstack
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-36043 PHP MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Redis RCE SSRF Adobe Adobe Commerce +1
NVD
CVSS 3.1
6.6
EPSS
1.9%
CVE-2021-22027 HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-22026 HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-28627 HIGH This Week

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Experience Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-22255 MEDIUM PATCH This Month

SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF File Upload Baserow
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-37711 PHP HIGH PATCH This Week

Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF File Upload Shopware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-37353 CRITICAL Act Now

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker PHP SSRF Nagios Xi Docker Wizard
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-32603 MEDIUM This Month

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-24472 CRITICAL POC THREAT Act Now

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SSRF Kentharadio Onair2
NVD WPScan
CVSS 3.1
9.8
EPSS
56.6%
CVE-2021-24371 LOW POC Monitor

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP SSRF Rsvpmaker
NVD WPScan
CVSS 3.1
2.7
EPSS
1.0%
CVE-2021-20788 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Groupsession Groupsession Bycloud Groupsession Zion
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-26699 MEDIUM This Month

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
2.0%
CVE-2021-22726 HIGH This Week

A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-31216 HIGH PATCH This Week

Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Investigate
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-29749 MEDIUM PATCH This Month

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Secure External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-33213 MEDIUM POC This Month

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Http Commander
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-29102 CRITICAL Act Now

A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Arcgis Server
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2021-35209 CRITICAL POC Act Now

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Collaboration
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-32639 CRITICAL POC Act Now

Emissary is a P2P-based, data-driven workflow engine. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Emissary
NVD GitHub
CVSS 3.1
9.9
EPSS
1.4%
CVE-2021-31531 CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF Manageengine Servicedesk Plus Msp
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-29620 Maven HIGH PATCH This Week

Report portal is an open source reporting and analysis framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Service Api
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-32698 MEDIUM PATCH This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Elabftw
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-34811 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Download Station
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-34808 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology SSRF Media Server
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-20483 MEDIUM PATCH This Month

IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Information Disclosure Security Identity Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-22175 CRITICAL POC KEV THREAT Act Now

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
9.8
EPSS
53.4%
CVE-2021-31950 HIGH POC PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft SSRF Sharepoint Foundation Sharepoint Server
NVD Exploit-DB
CVSS 3.1
7.6
EPSS
4.6%
CVE-2021-33571 PyPI HIGH PATCH This Week

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Python SSRF Django Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Web Stack
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

uppy is vulnerable to Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Uppy
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gocd
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Identity Manager +2
NVD
EPSS 82% CVSS 8.2
HIGH PATCH This Week

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Apache Denial Of Service +12
NVD
EPSS 98% CVSS 7.5
HIGH POC KEV PATCH THREAT This Week

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Workspace One Uem Console
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Microsoft +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Spectrum Protect Plus
NVD
EPSS 36% CVSS 7.5
HIGH KEV THREAT This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure Enterprise Search
NVD
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

snipe-it is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Snipe It
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Squaredup
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

IBM SSRF Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jamf
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell SSRF Emc Streaming Data Platform
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF Manageengine Supportcenter Plus
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Vcenter Server
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Redash is a package for data visualization and sharing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Redash
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Endpoint Security Tools Gravityzone
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Endpoint Security Tools Gravityzone
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Filemaker Pro +1
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ssrf Agent
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jamf
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Jenkins XXE +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

RCE SSRF Pixx Io
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nexus Repository Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Infosphere Information Server
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Engineering Lifecycle Optimization +6
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho SSRF Manageengine Applications Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Alfresco Content Services Alfresco Transform Services
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SSRF Camaleon Cms
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

iTop is an open source web based IT Service Management tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Itop
NVD GitHub
EPSS 1% CVSS 2.7
LOW PATCH Monitor

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Cloud Foundation +2
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

An issue was discovered in Zammad before 4.1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF Zammad
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SSRF XXE +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
EPSS 1% CVSS 8.1
HIGH This Week

In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF Gitea
NVD
EPSS 8% CVSS 6.5
MEDIUM This Month

Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Nagios Xi
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei SSRF P40 Firmware
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

A SSRF issue was discovered in Concrete CMS through 8.5.5. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Concrete Cms
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Concrete CMS through 8.5.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal SSRF Concrete Cms
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Snypr
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gradle
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gradle
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure VMware +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP SSRF +1
NVD
EPSS 1% CVSS 4.7
MEDIUM POC PATCH This Month

http4s is an open source scala interface for HTTP. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Http4S
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho SSRF Manageengine Admanager Plus
NVD
EPSS 100% CVSS 9.0
CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux +37
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF SAP Netweaver Portal
NVD
EPSS 68% CVSS 9.9
CRITICAL POC PATCH THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure SSRF SAP +1
NVD
EPSS 1% CVSS 8.2
HIGH POC This Week

Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Assyst
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Eibport Firmware
NVD
EPSS 1% CVSS 2.7
LOW Monitor

Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF User Ldap
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Eyoucms
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Misskey is an open source, decentralized microblogging platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Misskey
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

bookstack is vulnerable to Server-Side Request Forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Bookstack
NVD GitHub
EPSS 2% CVSS 6.6
MEDIUM PATCH This Month

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Redis RCE SSRF +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Cloud Foundation +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Cloud Foundation +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Experience Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF File Upload Baserow
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF File Upload Shopware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker PHP SSRF +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Fortianalyzer Fortimanager
NVD
EPSS 57% CVSS 9.8
CRITICAL POC THREAT Act Now

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SSRF Kentharadio +1
NVD WPScan
EPSS 1% CVSS 2.7
LOW POC Monitor

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP SSRF +1
NVD WPScan
EPSS 1% CVSS 4.3
MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Groupsession Groupsession Bycloud +1
NVD
EPSS 2% CVSS 5.4
MEDIUM This Month

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware +4
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Investigate
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Secure External Authentication Server +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Http Commander
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Arcgis Server
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Collaboration
NVD
EPSS 1% CVSS 9.9
CRITICAL POC Act Now

Emissary is a P2P-based, data-driven workflow engine. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Emissary
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF Manageengine Servicedesk Plus Msp
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Report portal is an open source reporting and analysis framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Service Api
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Elabftw
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Download Station
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology SSRF Media Server
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Information Disclosure +1
NVD
EPSS 53% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab SSRF
NVD
EPSS 5% CVSS 7.6
HIGH POC PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft SSRF Sharepoint Foundation +1
NVD Exploit-DB
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Python SSRF Django +1
NVD GitHub
Prev Page 27 of 32 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy