Total
1486 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6294 | 1 Sygnoos | 1 Popup Builder | 2025-04-24 | N/A | 7.2 HIGH |
| The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. | |||||
| CVE-2022-35508 | 1 Proxmox | 3 Proxmox Mail Gateway, Pve Http Server, Virtual Environment | 2025-04-24 | N/A | 9.8 CRITICAL |
| Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3. | |||||
| CVE-2025-29458 | 1 Mybb | 1 Mybb | 2025-04-24 | N/A | 7.6 HIGH |
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. | |||||
| CVE-2025-29457 | 1 Mybb | 1 Mybb | 2025-04-24 | N/A | 7.6 HIGH |
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. | |||||
| CVE-2022-43880 | 1 Ibm | 1 Qradar Wincollect | 2025-04-24 | N/A | 4.4 MEDIUM |
| IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151. | |||||
| CVE-2025-3691 | 1 Mirweiye | 1 Seven Bears Library Cms | 2025-04-24 | 3.3 LOW | 2.7 LOW |
| A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-56736 | 1 Apache | 1 Hertzbeat | 2025-04-23 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue. | |||||
| CVE-2025-27501 | 1 Openziti | 1 Openziti | 2025-04-23 | N/A | 8.6 HIGH |
| OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side request, resulting in a potential Server-Side Request Forgery (SSRF) vulnerability. The fixed version has moved the request to the external controller from the server side to the client side, thereby eliminating the identity of the node from being used to gain any additional permissions. This vulnerability is fixed in 3.7.1. | |||||
| CVE-2025-29450 | 1 Lm21 | 1 Twonav | 2025-04-23 | N/A | 6.5 MEDIUM |
| An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component. | |||||
| CVE-2025-29451 | 1 Seopanel | 1 Seo Panel | 2025-04-23 | N/A | 7.6 HIGH |
| An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component. | |||||
| CVE-2025-29452 | 1 Seopanel | 1 Seo Panel | 2025-04-23 | N/A | 7.6 HIGH |
| An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component. | |||||
| CVE-2025-29461 | 1 A-blogcms | 1 A-blogcms | 2025-04-23 | N/A | 7.6 HIGH |
| An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path. | |||||
| CVE-2025-3787 | 1 Pbootcms | 1 Pbootcms | 2025-04-23 | 3.3 LOW | 2.7 LOW |
| A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2987 | 2025-04-23 | N/A | 3.8 LOW | ||
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2025-27907 | 2025-04-23 | N/A | 4.1 MEDIUM | ||
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2025-29459 | 2025-04-23 | N/A | 7.6 HIGH | ||
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. | |||||
| CVE-2024-57252 | 1 Otcms | 1 Otcms | 2025-04-22 | N/A | 4.3 MEDIUM |
| OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily. | |||||
| CVE-2025-29453 | 1 Personal-management-system | 1 Personal Management System | 2025-04-22 | N/A | 6.5 MEDIUM |
| An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component. | |||||
| CVE-2025-29454 | 1 Personal-management-system | 1 Personal Management System | 2025-04-22 | N/A | 6.5 MEDIUM |
| An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. | |||||
| CVE-2025-29455 | 1 Personal-management-system | 1 Personal Management System | 2025-04-22 | N/A | 6.5 MEDIUM |
| An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function. | |||||