Total
1645 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6621 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2017-4928 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. | |||||
| CVE-2017-9506 | 1 Atlassian | 1 Oauth | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). | |||||
| CVE-2017-9307 | 1 Allen Disk Project | 1 Allen Disk | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | |||||
| CVE-2017-11149 | 1 Synology | 1 Download Station | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. | |||||
| CVE-2016-9417 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2017-7272 | 1 Php | 1 Php | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function. | |||||
| CVE-2015-8813 | 1 Umbraco | 1 Umbraco | 2025-04-20 | 4.3 MEDIUM | 8.2 HIGH |
| The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter. | |||||
| CVE-2017-8794 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 6.4 MEDIUM | 10.0 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern. | |||||
| CVE-2017-10973 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header. | |||||
| CVE-2017-9066 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | |||||
| CVE-2017-1000139 | 1 Mahara | 1 Mahara | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues. | |||||
| CVE-2017-7566 | 1 Mybb | 1 Mybb | 2025-04-20 | 4.0 MEDIUM | 7.7 HIGH |
| MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism. | |||||
| CVE-2017-12905 | 1 Vebto | 1 Pixie - Image Editor | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
| Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | |||||
| CVE-2017-9458 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2017-14585 | 1 Atlassian | 2 Hipchat Data Center, Hipchat Server | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. | |||||
| CVE-2017-9355 | 1 Subsonic | 1 Subsonic | 2025-04-20 | 4.3 MEDIUM | 7.4 HIGH |
| XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file. | |||||
| CVE-2017-6130 | 1 F5 | 2 Ssl Intercept Iapp, Ssl Orchestrator | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic. | |||||
| CVE-2024-55086 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-04-18 | N/A | 7.2 HIGH |
| In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system. | |||||
| CVE-2024-33857 | 1 Logpoint | 1 Siem | 2025-04-18 | N/A | 9.6 CRITICAL |
| An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery. | |||||