Skip to main content

SSRF

2869 CVEs technique

Monthly

CVE-2021-22214 HIGH POC THREAT This Week

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
8.6
EPSS
27.8%
CVE-2021-20348 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20347 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20346 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20345 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20343 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-33184 HIGH This Week

Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Download Station
NVD
CVSS 3.1
7.7
EPSS
1.0%
CVE-2021-33181 CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Video Station
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-25640 Maven MEDIUM PATCH This Month

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Open Redirect Dubbo
NVD
CVSS 3.1
6.1
EPSS
2.1%
CVE-2021-21985 CRITICAL POC KEV THREAT Emergency

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF VMware Vcenter Server Cloud Foundation
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-30108 PHP CRITICAL POC Act Now

Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Feehi Cms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-33511 PyPI HIGH PATCH This Week

Plone though 5.2.4 allows SSRF via the lxml parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Plone
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-33510 PyPI MEDIUM PATCH This Month

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Plone
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2017-17674 CRITICAL Act Now

BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Remedy Mid Tier
NVD VulDB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-20535 MEDIUM This Month

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-31910 HIGH This Week

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-31828 HIGH PATCH This Week

An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Elastic SSRF Open Distro
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2021-29490 MEDIUM POC PATCH THREAT This Month

Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Jellyfin
NVD GitHub
CVSS 3.1
5.8
EPSS
69.9%
CVE-2021-29145 CRITICAL Act Now

A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Aruba Clearpass
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-31779 PHP MEDIUM PATCH This Month

The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Yoast Seo
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2021-28060 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft PHP SSRF Group Office
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-27905 Maven CRITICAL POC PATCH THREAT Act Now

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Solr
NVD
CVSS 3.1
9.8
EPSS
93.1%
CVE-2021-29357 HIGH This Week

The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Lifetime Management Console Outsystems Platform Server
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2021-20480 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Information Disclosure Websphere Application Server
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-24150 HIGH POC This Week

The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF Likebtn Like Button
NVD WPScan
CVSS 3.1
7.5
EPSS
4.3%
CVE-2021-28941 MEDIUM POC This Month

Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Magpierss
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-26072 MEDIUM POC PATCH THREAT This Month

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Atlassian SSRF Confluence Data Center Confluence Server
NVD
CVSS 3.1
4.3
EPSS
38.8%
CVE-2021-28918 npm CRITICAL POC PATCH THREAT Act Now

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js SSRF Netmask
NVD GitHub
CVSS 3.1
9.1
EPSS
16.4%
CVE-2021-21975 HIGH POC KEV THREAT Act Now

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
78.3%
CVE-2021-22986 CRITICAL POC KEV THREAT Emergency

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Amd SSRF Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall +12
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2021-1627 CRITICAL Act Now

MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mule
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-26715 Maven CRITICAL POC Act Now

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SSRF Information Disclosure Connect
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-22179 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 12.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-22178 MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting from 13.2. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
5.0
EPSS
1.1%
CVE-2021-20280 PHP MEDIUM POC PATCH This Month

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS SSRF Moodle Fedora
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-23345 MEDIUM POC This Month

All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gotenberg
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-27670 CRITICAL POC THREAT Act Now

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Appspace
NVD GitHub
CVSS 3.1
9.8
EPSS
61.3%
CVE-2021-21973 MEDIUM POC KEV THREAT This Month

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
5.3
EPSS
88.0%
CVE-2021-27214 MEDIUM POC This Month

A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2021-3204 MEDIUM POC This Month

SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Webdesktop
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-27329 CRITICAL POC Act Now

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Frendica
NVD GitHub
CVSS 3.1
10.0
EPSS
1.5%
CVE-2021-27103 CRITICAL KEV THREAT Act Now

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Fta
NVD GitHub
CVSS 3.1
9.8
EPSS
11.3%
CVE-2021-21311 PHP HIGH POC KEV PATCH THREAT This Week

Adminer is an open-source database management in a single PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SSRF Adminer Debian Linux
NVD GitHub
CVSS 3.1
7.2
EPSS
90.5%
CVE-2021-21288 Ruby MEDIUM PATCH This Month

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Carrierwave
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-25241 MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure Apex One Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-25236 MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-21287 HIGH POC PATCH THREAT This Week

MinIO is a High Performance Object Storage released under Apache License v2.0. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache Path Traversal SSRF Minio
NVD GitHub
CVSS 3.1
7.7
EPSS
24.8%
CVE-2021-1272 HIGH This Week

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco SSRF Authentication Bypass Data Center Network Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-21009 HIGH This Week

Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Adobe Campaign Classic
NVD
CVSS 3.1
8.6
EPSS
3.2%
CVE-2021-23927 MEDIUM This Month

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2020-26291 npm MEDIUM PATCH This Month

URI.js is a javascript URL mutation library (npm package urijs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Node.js SSRF Uri Js
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-28735 PyPI HIGH PATCH This Week

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Plone
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-26247 Ruby MEDIUM PATCH This Month

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Nokogiri Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-35850 MEDIUM POC This Month

An SSRF issue was discovered in cockpit-project.org Cockpit 234. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cockpit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-26032 HIGH This Week

An SSRF issue was discovered in Zammad before 3.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Zammad
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-35712 CRITICAL Act Now

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Arcgis Server
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-8464 HIGH POC This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2020-26258 Maven HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Struts Xstream Debian Linux +1
NVD GitHub
CVSS 3.1
7.7
EPSS
82.2%
CVE-2020-10770 Maven MEDIUM POC PATCH THREAT This Month

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Keycloak
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
69.7%
CVE-2020-17513 PyPI MEDIUM PATCH This Month

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Python Airflow
NVD
CVSS 3.1
5.3
EPSS
4.3%
CVE-2020-24444 MEDIUM This Month

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Experience Manager Forms Add On
NVD
CVSS 3.1
5.8
EPSS
2.1%
CVE-2020-26831 CRITICAL Act Now

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2020-28978 MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
15.3%
CVE-2020-28977 MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
15.3%
CVE-2020-28976 MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
27.8%
CVE-2020-24815 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Microstrategy
NVD VulDB
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-28360 npm CRITICAL PATCH Act Now

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE SSRF Private Ip
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-7572 HIGH PATCH This Week

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service SSRF XXE Webreports
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-27626 MEDIUM This Month

JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-27624 MEDIUM This Month

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-7032 MEDIUM POC This Month

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Aura System Manager Weblm
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2020-7329 HIGH This Week

Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mvision Endpoint
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-7328 HIGH This Week

External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SSRF Mvision Endpoint
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2020-24063 HIGH This Week

The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-26815 HIGH This Week

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Fiori Launchpad News Tile Application
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-26811 MEDIUM This Month

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Commerce Cloud Accelerator Payment Mock
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-27018 MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
5.5
EPSS
3.5%
CVE-2020-15297 CRITICAL Act Now

Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Update Server
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-28168 npm MEDIUM POC PATCH MAL This Month

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js SSRF Axios Sinec Ins
NVD GitHub
CVSS 3.1
5.9
EPSS
2.3%
CVE-2020-28043 HIGH PATCH This Week

MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Misp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-24881 CRITICAL POC PATCH THREAT Act Now

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.3%.

SSRF Osticket
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
73.3%
Threat
5.7
CVE-2020-24710 Go MEDIUM POC PATCH This Month

Gophish before 0.11.0 allows SSRF attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Gophish
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-15352 HIGH This Week

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Connect Secure Pulse Connect Secure Policy Secure +1
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-7126 MEDIUM This Month

A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba SSRF Airwave Glass
NVD
CVSS 3.1
5.8
EPSS
0.8%
CVE-2020-25466 CRITICAL POC Act Now

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF Crmeb
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-15002 MEDIUM POC This Month

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.0
EPSS
1.6%
CVE-2020-25820 MEDIUM POC PATCH This Month

BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Microsoft Bigbluebutton
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
8.8%
CVE-2020-6308 MEDIUM POC THREAT This Month

SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.3
EPSS
61.7%
CVE-2020-7749 npm HIGH POC PATCH This Week

This affects all versions of package osm-static-maps. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS SSRF Osm Static Maps
NVD GitHub
CVSS 3.1
7.6
EPSS
1.6%
CVE-2020-15822 HIGH This Week

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.1
7.3
EPSS
1.4%
EPSS 28% CVSS 8.6
HIGH POC THREAT This Week

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 7.7
HIGH This Week

Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Download Station
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Video Station
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Open Redirect +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF VMware +2
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Feehi Cms
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Plone though 5.2.4 allows SSRF via the lxml parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Plone
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Plone
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Remedy Mid Tier
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Jazz Reporting Service
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure Teamcity
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Elastic SSRF Open Distro
NVD GitHub
EPSS 70% CVSS 5.8
MEDIUM POC PATCH THREAT This Month

Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Jellyfin
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Aruba +1
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Yoast Seo
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft PHP SSRF +1
NVD
EPSS 93% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Solr
NVD
EPSS 1% CVSS 8.6
HIGH This Week

The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Lifetime Management Console Outsystems +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Information Disclosure +1
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF Likebtn Like Button
NVD WPScan
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Magpierss
NVD GitHub
EPSS 39% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Atlassian SSRF Confluence Data Center +1
NVD
EPSS 16% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js SSRF Netmask
NVD GitHub
EPSS 78% CVSS 7.5
HIGH POC KEV THREAT Act Now

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cloud Foundation Vrealize Operations Manager +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Amd SSRF Big Ip Access Policy Manager +14
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL Act Now

MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mule
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SSRF Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 12.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting from 13.2. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab SSRF
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS SSRF Moodle +1
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gotenberg
NVD GitHub
EPSS 61% CVSS 9.8
CRITICAL POC THREAT Act Now

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Appspace
NVD GitHub
EPSS 88% CVSS 5.3
MEDIUM POC KEV THREAT This Month

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure VMware +2
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Zoho +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Webdesktop
NVD
EPSS 2% CVSS 10.0
CRITICAL POC Act Now

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Frendica
NVD GitHub
EPSS 11% CVSS 9.8
CRITICAL KEV THREAT Act Now

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Fta
NVD GitHub
EPSS 90% CVSS 7.2
HIGH POC KEV PATCH THREAT This Week

Adminer is an open-source database management in a single PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SSRF Adminer +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Carrierwave
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure +2
NVD
EPSS 25% CVSS 7.7
HIGH POC PATCH THREAT This Week

MinIO is a High Performance Object Storage released under Apache License v2.0. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache Path Traversal SSRF +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco SSRF Authentication Bypass +1
NVD
EPSS 3% CVSS 8.6
HIGH This Week

Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Adobe Campaign Classic
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

URI.js is a javascript URL mutation library (npm package urijs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Node.js SSRF Uri Js
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Plone
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Nokogiri +1
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An SSRF issue was discovered in cockpit-project.org Cockpit 234. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cockpit
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An SSRF issue was discovered in Zammad before 3.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Zammad
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Arcgis Server
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Web Security Virtual Appliance
NVD
EPSS 82% CVSS 7.7
HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Struts +3
NVD GitHub
EPSS 70% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Keycloak
NVD Exploit-DB
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Python +1
NVD
EPSS 2% CVSS 5.8
MEDIUM This Month

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Experience Manager Forms Add On
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Businessobjects Business Intelligence Platform
NVD
EPSS 15% CVSS 5.3
MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP +1
NVD GitHub Exploit-DB
EPSS 15% CVSS 5.3
MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP +1
NVD GitHub Exploit-DB
EPSS 28% CVSS 5.3
MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP +1
NVD GitHub Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Microstrategy
NVD VulDB
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE SSRF +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service SSRF XXE +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
EPSS 4% CVSS 6.5
MEDIUM POC This Month

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Aura System Manager +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mvision Endpoint
NVD
EPSS 2% CVSS 7.2
HIGH This Week

External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SSRF Mvision Endpoint
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP +1
NVD GitHub
EPSS 1% CVSS 8.6
HIGH This Week

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Fiori Launchpad News Tile Application
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Commerce Cloud Accelerator Payment Mock
NVD
EPSS 3% CVSS 5.5
MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Messaging Security Virtual Appliance
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Update Server
NVD
EPSS 2% CVSS 5.9
MEDIUM POC PATCH This Month

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js SSRF Axios +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Misp
NVD GitHub VulDB
EPSS 73% 5.7 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.3%.

SSRF Osticket
NVD GitHub Exploit-DB VulDB
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Gophish before 0.11.0 allows SSRF attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Gophish
NVD GitHub
EPSS 3% CVSS 7.2
HIGH This Week

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Connect Secure +3
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba SSRF Airwave Glass
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF Crmeb
NVD GitHub VulDB
EPSS 2% CVSS 5.0
MEDIUM POC This Month

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD
EPSS 9% CVSS 6.5
MEDIUM POC PATCH This Month

BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Microsoft Bigbluebutton
NVD GitHub Exploit-DB
EPSS 62% CVSS 5.3
MEDIUM POC THREAT This Month

SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Businessobjects Business Intelligence Platform
NVD
EPSS 2% CVSS 7.6
HIGH POC PATCH This Week

This affects all versions of package osm-static-maps. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS SSRF Osm Static Maps
NVD GitHub
EPSS 1% CVSS 7.3
HIGH This Week

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
Prev Page 28 of 32 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy