Skip to main content

Server-Side Request Forgery

web HIGH

Server-Side Request Forgery exploits applications that fetch remote resources based on user-supplied URLs.

How It Works

Server-Side Request Forgery exploits applications that fetch remote resources based on user-supplied URLs. When a web server accepts a URL parameter to retrieve external content—for example, to proxy images, validate webhooks, or import data—an attacker can manipulate that parameter to make the server send requests to unintended destinations. The critical issue is that these requests originate from the server itself, bypassing firewalls and network controls that would block direct external access.

Attacks come in several forms. Direct SSRF gives the attacker full control over the destination URL, allowing them to target internal services like http://localhost:8080/admin or cloud metadata endpoints at http://169.254.169.254/latest/meta-data/. Blind SSRF occurs when the application makes the request but doesn't return the response to the attacker—they must rely on timing differences or out-of-band techniques to confirm success. Partial SSRF restricts the attacker to modifying only part of the URL, such as the hostname or path, requiring more creative exploitation.

The typical attack flow starts with identifying URL parameters that trigger server-side requests. The attacker then probes for internal services by injecting internal IP addresses or localhost references. Common targets include administrative interfaces, internal REST APIs, Redis or Memcached instances, and especially cloud metadata services that expose IAM credentials. Attackers often employ bypass techniques like encoding IPs in decimal format (2130706433 for 127.0.0.1), exploiting URL parser discrepancies between validation and execution layers, or chaining with open redirects to evade basic filters.

Impact

  • Access to internal services that should be network-isolated—admin panels, monitoring dashboards, configuration endpoints
  • Cloud credential theft via metadata APIs, particularly AWS IAM role credentials exposed at 169.254.169.254
  • Reading local files through file:// protocol support, exposing configuration files and source code
  • Network reconnaissance to map internal infrastructure and identify additional attack targets
  • Remote code execution on back-end systems like Redis or Elasticsearch that accept commands over HTTP
  • Pivoting deeper into internal networks by using the compromised server as a proxy for further attacks

Real-World Examples

Capital One suffered a massive breach in 2019 when an attacker exploited SSRF in a web application firewall to query AWS metadata services, stealing credentials that granted access to over 100 million customer records. The vulnerability allowed requests to the internal metadata endpoint that should have been unreachable.

Shopify's infrastructure exposed internal Google Cloud metadata in 2020 through an image proxy feature. Security researchers demonstrated they could retrieve service account credentials by tricking the proxy into fetching from the metadata API, potentially compromising the entire GCP environment.

Numerous CVEs in enterprise products highlight SSRF in common features: webhook validators in GitLab, PDF generators that fetch remote images, and document conversion services. These typically manifest when URL validation assumes all requests will target external internet resources, failing to anticipate internal network abuse.

Mitigation

  • Allowlist approved destination domains rather than trying to blocklist dangerous ones—only permit necessary external services
  • Disable unnecessary URL schemes entirely (file://, gopher://, dict://)—restrict to https:// only where possible
  • Network segmentation to prevent application servers from reaching internal infrastructure—use separate VLANs or VPCs
  • Deploy cloud metadata protections like AWS IMDSv2 requiring session tokens, making metadata unavailable to simple HTTP requests
  • Validate and parse URLs consistently using a single library, then verify resolved IP addresses aren't private ranges
  • Remove response bodies from errors to prevent information disclosure in blind SSRF scenarios

Recent CVEs (2868)

EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.0.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Cxf
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF
NVD GitHub VulDB
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

The netty incubator codec.bhttp is a java language binary http parser. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSRF Java Netty Incubator Codec Ohttp
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required. No vendor patch available.

SSRF Bigfix Compliance
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Apache Streampipes
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Kubernetes
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM This Month

The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Datacap +1
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Publiccms
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Publiccms
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Saptmui +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP +2
NVD
EPSS 0% CVSS 7.7
HIGH This Week

SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Information Disclosure SAP +2
NVD
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Directus
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Cloud Pak For Business Automation
NVD
EPSS 2% CVSS 5.8
MEDIUM POC PATCH This Month

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Authentication Bypass Localai
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.3.5. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Foxiz
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Pi Hole
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in ShopXO up to 6.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP CSRF +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Discourse
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mesbook
NVD
EPSS 2% CVSS 7.4
HIGH POC This Week

NextChat is a cross-platform ChatGPT/Gemini UI. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
EPSS 1% CVSS 8.2
HIGH POC This Week

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla!. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF PHP Admirorframes
NVD GitHub
EPSS 1% CVSS 8.6
HIGH POC This Week

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Quivr
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Chuanhuchatgpt
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SSRF Devika
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.2.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Blossomthemes Email Newsletter
NVD
EPSS 0% CVSS 7.3
HIGH This Week

The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

SSRF Apache
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Dell Data Domain Operating System
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Open Redirect +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE Enterprise Server
NVD GitHub
EPSS 1% CVSS 8.6
HIGH POC This Week

Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Strapi
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

The Popup Builder - Create highly converting, mobile friendly marketing popups. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress SSRF +1
NVD
EPSS 0% CVSS 8.5
HIGH This Week

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Elementskit
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft Computer Vision Annotation Tool
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Suitecrm
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

The TablePress - Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Tablepress
NVD
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lunary
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Authentication Bypass +2
NVD
EPSS 1% CVSS 7.7
HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Quivr
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Nginx Anythingllm
NVD GitHub
EPSS 1% CVSS 7.7
HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Langchain
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Lollms Web Ui
NVD
EPSS 37% CVSS 8.6
HIGH POC THREAT This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Gradio
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Anythingllm
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD
EPSS 22% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cisco Finesse
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Grafana Oncall
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Anythingllm
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lylme Spage
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Beyondinsight
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.0.9. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ninja Tables
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Creative Themes Blocksy Companion blocksy-companion.0.42. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in andy_moyle Church Admin church-admin.3.6. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

SSRF
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the upload_to_library AJAX action. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Wp Staging
NVD WPScan
EPSS 8% CVSS 8.1
HIGH This Week

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Node.js
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Central Authentication Service
NVD WPScan
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The WPCafe - Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Wpcafe
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE PHP
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP XSS
NVD GitHub
EPSS 1% CVSS 8.5
HIGH This Week

The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Memberpress
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF A Blog Cms
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.8.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Path Traversal Buddyforms
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
EPSS 73% CVSS 9.3
CRITICAL POC THREAT Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.92.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure Imanager
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Linqi
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.8.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD VulDB
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

Next.js is a React framework that can provide building blocks to create web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Next Js
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE
NVD GitHub
EPSS 53% CVSS 9.0
CRITICAL POC PATCH THREAT Act Now

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Lobe Chat
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

The Starter Templates - Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

An issue was discovered in Logpoint before 7.4.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Siem
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Crmeb Java
NVD GitHub
Prev Page 20 of 32 Next

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
2868

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy