Total
2645 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4325 | 1 Gradio Project | 1 Gradio | 2026-06-17 | N/A | 8.6 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. The vulnerability arises when the `path` value, obtained from the user and expected to be a URL, is used to make an HTTP request without sufficient validation checks. This flaw allows an attacker to send crafted requests that could lead to unauthorized access to the local network or the AWS metadata endpoint, thereby compromising the security of internal servers. | |||||
| CVE-2024-4260 | 1 Godaddy | 1 Coblocks | 2026-06-17 | N/A | 6.5 MEDIUM |
| The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. | |||||
| CVE-2024-4219 | 1 Beyondtrust | 1 Beyondinsight | 2026-06-17 | N/A | 4.8 MEDIUM |
| Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. | |||||
| CVE-2024-4177 | 1 Bitdefender | 1 Gravityzone | 2026-06-17 | N/A | 8.1 HIGH |
| A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise. | |||||
| CVE-2024-4084 | 1 Mintplexlabs | 1 Anythingllm | 2026-06-17 | N/A | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172, 10, and 127 through regular expressions and limit access protocols to HTTP and HTTPS, attackers can still bypass these restrictions using alternative representations of IP addresses and accessing other ports running on localhost. This vulnerability enables attackers to access any asset on the internal network, attack web services on the internal network, scan hosts on the internal network, and potentially access AWS metadata endpoints. The vulnerability is due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. | |||||
| CVE-2024-49822 | 1 Ibm | 1 Qradar Advisor | 2026-06-17 | N/A | 4.1 MEDIUM |
| IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2024-49521 | 1 Adobe | 2 Commerce, Magento | 2026-06-17 | N/A | 7.7 HIGH |
| Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-49336 | 1 Ibm | 1 Security Guardium | 2026-06-17 | N/A | 6.5 MEDIUM |
| IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2024-49312 | 1 Edwiser | 1 Bridge | 2026-06-17 | N/A | 4.9 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge.This issue affects Edwiser Bridge: from n/a through <= 3.0.7. | |||||
| CVE-2024-48951 | 1 Logpoint | 1 Siem | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass. | |||||
| CVE-2024-48944 | 1 Apache | 1 Kylin | 2026-06-17 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin access to a kylin server; 2) Another internal host has the "/kylin/api/xxx/diag" api endpoint open for service. This issue affects Apache Kylin: from 5.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2, which fixes the issue. | |||||
| CVE-2024-48907 | 1 Sematell | 1 Replyone | 2026-06-17 | N/A | 7.5 HIGH |
| Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API. | |||||
| CVE-2024-48874 | 1 Ruijienetworks | 1 Reyee Os | 2026-06-17 | N/A | 9.8 CRITICAL |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services. | |||||
| CVE-2024-48590 | 1 Inflectra | 1 Spirateam | 2026-06-17 | N/A | 9.8 CRITICAL |
| Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information. | |||||
| CVE-2024-48450 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group. | |||||
| CVE-2024-48360 | 1 Qualitor | 1 Qualitor | 2026-06-17 | N/A | 7.5 HIGH |
| Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php. | |||||
| CVE-2024-48346 | 2026-06-17 | N/A | 6.1 MEDIUM | ||
| xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems. | |||||
| CVE-2024-48234 | 2026-06-17 | N/A | 4.9 MEDIUM | ||
| An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (SSRF) vulnerability that can read server files. | |||||
| CVE-2024-48232 | 1 Mipjz Project | 1 Mipjz | 2026-06-17 | N/A | 4.9 MEDIUM |
| An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read server files. | |||||
| CVE-2024-48178 | 1 Newbee-mall Project | 1 Newbee-mall | 2026-06-17 | N/A | 8.1 HIGH |
| newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter. | |||||