Total
1488 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23500 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-02-07 | N/A | 7.7 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.19. | |||||
| CVE-2024-6980 | 1 Bitdefender | 1 Gravityzone | 2025-02-07 | N/A | 9.8 CRITICAL |
| A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise. | |||||
| CVE-2022-43698 | 1 Open-xchange | 1 Ox App Suite | 2025-02-06 | N/A | 4.3 MEDIUM |
| OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. | |||||
| CVE-2018-17452 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb. | |||||
| CVE-2018-17450 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token. | |||||
| CVE-2022-43699 | 1 Open-xchange | 1 Ox App Suite | 2025-02-06 | N/A | 4.3 MEDIUM |
| OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address). | |||||
| CVE-2024-27898 | 1 Sap | 1 Netweaver | 2025-02-06 | N/A | 5.3 MEDIUM |
| SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality. | |||||
| CVE-2023-6964 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-02-06 | N/A | 8.5 HIGH |
| The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2025-21385 | 1 Microsoft | 1 Purview | 2025-02-05 | N/A | 8.8 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network. | |||||
| CVE-2023-39313 | 1 Theme-fusion | 1 Avada | 2025-02-05 | N/A | 7.7 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. | |||||
| CVE-2024-13450 | 1 Bitapps | 1 Contact Form Builder | 2025-02-04 | N/A | 3.8 LOW |
| The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The vulnerability can also be exploited in Multisite environments. | |||||
| CVE-2021-26855 | 1 Microsoft | 1 Exchange Server | 2025-02-04 | 7.5 HIGH | 9.1 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2024-10705 | 1 Themeisle | 1 Multiple Page Generator | 2025-02-04 | N/A | 5.4 MEDIUM |
| The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. This makes it possible for authenticated attackers, with editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2024-11913 | 1 Buddydev | 1 Activity Plus Reloaded For Buddypress | 2025-02-04 | N/A | 5.4 MEDIUM |
| The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2023-26735 | 1 Prometheus | 1 Blackbox Exporter | 2025-02-04 | N/A | 7.5 HIGH |
| blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured. | |||||
| CVE-2021-27103 | 1 Accellion | 1 Fta | 2025-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later. | |||||
| CVE-2025-22701 | 2025-02-03 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8. | |||||
| CVE-2024-29173 | 1 Dell | 10 Apex Protection Storage, Data Domain Operating System, Dd3300 and 7 more | 2025-02-03 | N/A | 6.8 MEDIUM |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client. | |||||
| CVE-2024-5031 | 1 Caseproof | 1 Memberpress | 2025-01-31 | N/A | 8.5 HIGH |
| The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2024-44055 | 2025-01-31 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in NotFound Oshine Modules. This issue affects Oshine Modules: from n/a through n/a. | |||||