Vulnerabilities (CVE)

Filtered by CWE-918
Total 2713 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-50228 1 Jizhicms 1 Jizhicms 2026-06-17 N/A 9.1 CRITICAL
Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules.
CVE-2025-50199 1 Chamilo 1 Chamilo Lms 2026-06-17 N/A 9.1 CRITICAL
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30.
CVE-2025-50180 1 Esm 1 Esm.sh 2026-06-17 N/A 7.5 HIGH
esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability.
CVE-2025-50125 2026-06-17 N/A N/A
A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header.
CVE-2025-4967 1 Esri 1 Portal For Arcgis 2026-06-17 N/A 9.1 CRITICAL
Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.
CVE-2025-4655 1 Liferay 2 Digital Experience Platform, Liferay Portal 2026-06-17 N/A 5.0 MEDIUM
SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs.
CVE-2025-4581 1 Liferay 2 Digital Experience Platform, Liferay Portal 2026-06-17 N/A 8.6 HIGH
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.
CVE-2025-4012 1 Playeduos 1 Playedu 2026-06-17 3.3 LOW 2.7 LOW
A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-49985 2026-06-17 N/A 4.9 MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in Ali Irani Auto Upload Images auto-upload-images allows Server Side Request Forgery. This issue affects Auto Upload Images: from n/a through <= 3.3.2.
CVE-2025-49984 2026-06-17 N/A 4.9 MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through <= 11.13.11.
CVE-2025-49983 2026-06-17 N/A 4.9 MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in Joe Hoyle WPThumb wp-thumb allows Server Side Request Forgery. This issue affects WPThumb: from n/a through <= 0.10.
CVE-2025-49917 2026-06-17 N/A 4.4 MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery. This issue affects Icegram Express Pro: from n/a through <= 5.9.5.
CVE-2025-49877 2026-06-17 N/A 4.9 MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Server Side Request Forgery. This issue affects ProfileGrid: from n/a through <= 5.9.5.2.
CVE-2025-49852 1 Assaabloy 1 Control Id Idsecure 2026-06-17 N/A 7.5 HIGH
ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers.
CVE-2025-49545 1 Adobe 1 Coldfusion 2026-06-17 N/A 6.2 MEDIUM
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation of this issue does not require user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses.
CVE-2025-49430 2026-06-17 N/A 7.2 HIGH
Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player fwduvp allows Server Side Request Forgery. This issue affects Ultimate Video Player: from n/a through <= 10.1.
CVE-2025-49418 2026-06-17 N/A 7.2 HIGH
Server-Side Request Forgery (SSRF) vulnerability in TeconceTheme Allmart allmart-core allows Server Side Request Forgery. This issue affects Allmart: from n/a through <= 1.0.0.
CVE-2025-49374 2026-06-17 N/A 5.4 MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery. This issue affects Captcha.eu: from n/a through <= 1.0.61.
CVE-2025-49335 2026-06-17 N/A 4.9 MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in minnur External Media external-media allows Server Side Request Forgery. This issue affects External Media: from n/a through <= 1.0.36.
CVE-2025-49190 1 Sick 1 Field Analytics 2026-06-17 N/A 4.3 MEDIUM
The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server internal requests to other ports.