Total
2662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0870 | 1 Gogs | 1 Gogs | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. | |||||
| CVE-2022-0768 | 1 Alltubedownload | 1 Alltube | 2026-06-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2. | |||||
| CVE-2022-0767 | 1 Janeczku | 1 Calibre-web | 2026-06-17 | 7.5 HIGH | 9.9 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | |||||
| CVE-2022-0766 | 1 Janeczku | 1 Calibre-web | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | |||||
| CVE-2022-0671 | 1 Redhat | 1 Vscode-xml | 2026-06-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file. | |||||
| CVE-2022-0591 | 1 Subtlewebinc | 1 Formcraft3 | 2026-06-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users | |||||
| CVE-2022-0528 | 1 Transloadit | 1 Uppy | 2026-06-17 | 5.0 MEDIUM | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1. | |||||
| CVE-2022-0508 | 1 Framasoft | 1 Peertube | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832 | |||||
| CVE-2022-0425 | 1 Gitlab | 1 Gitlab | 2026-06-17 | 6.5 MEDIUM | 5.4 MEDIUM |
| A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. | |||||
| CVE-2022-0339 | 1 Janeczku | 1 Calibre-web | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. | |||||
| CVE-2022-0249 | 1 Gitlab | 1 Gitlab | 2026-06-17 | 6.4 MEDIUM | 3.1 LOW |
| A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked. | |||||
| CVE-2022-0136 | 1 Gitlab | 1 Gitlab | 2026-06-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. | |||||
| CVE-2022-0132 | 1 Framasoft | 1 Peertube | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| peertube is vulnerable to Server-Side Request Forgery (SSRF) | |||||
| CVE-2022-0086 | 1 Transloadit | 1 Uppy | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| uppy is vulnerable to Server-Side Request Forgery (SSRF) | |||||
| CVE-2022-0085 | 1 Dompdf Project | 1 Dompdf | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. | |||||
| CVE-2021-4075 | 1 Snipeitapp | 1 Snipe-it | 2026-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| snipe-it is vulnerable to Server-Side Request Forgery (SSRF) | |||||
| CVE-2021-47958 | 2026-06-17 | N/A | 4.3 MEDIUM | ||
| CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources. | |||||
| CVE-2021-47776 | 1 Umbraco | 1 Umbraco Cms | 2026-06-17 | N/A | 5.3 MEDIUM |
| Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts. | |||||
| CVE-2021-47715 | 1 Hasura | 1 Graphql Engine | 2026-06-17 | N/A | 5.3 MEDIUM |
| Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the add_remote_schema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL definitions to potentially access internal network resources. | |||||
| CVE-2021-47703 | 1 Openbmcs | 1 Openbmcs | 2026-06-17 | N/A | 7.2 HIGH |
| OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host. | |||||