Total
2721 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22952 | 1 Usememos | 1 Memos | 2026-06-17 | N/A | 9.8 CRITICAL |
| elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. | |||||
| CVE-2025-22726 | 2026-06-17 | N/A | 6.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in _nK nK Themes Helper nk-themes-helper allows Server Side Request Forgery.This issue affects nK Themes Helper: from n/a through <= 1.7.9. | |||||
| CVE-2025-22701 | 2026-06-17 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in shinetheme Traveler Layout Essential For Elementor traveler-layout-essential-for-elementor.This issue affects Traveler Layout Essential For Elementor: from n/a through < 1.4. | |||||
| CVE-2025-22672 | 2026-06-17 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Server Side Request Forgery.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through <= 1.1.2. | |||||
| CVE-2025-22603 | 1 Agpt | 1 Autogpt Platform | 2026-06-17 | N/A | 8.1 HIGH |
| AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery (SSRF) vulnerability inside component (or block) `Send Web Request`. The root cause is that IPV6 address is not restricted or filtered, which allows attackers to perform a server side request forgery to visit an IPV6 service. autogpt-platform-beta-v0.4.2 fixes the issue. | |||||
| CVE-2025-22474 | 1 Dell | 1 Smartfabric Os10 | 2026-06-17 | N/A | 6.8 MEDIUM |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. | |||||
| CVE-2025-22399 | 1 Dell | 1 Utility Configuration Collector Edge | 2026-06-17 | N/A | 7.9 HIGH |
| Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery | |||||
| CVE-2025-22374 | 2026-06-17 | N/A | N/A | ||
| A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to the underlying infrastructure. | |||||
| CVE-2025-22346 | 2026-06-17 | N/A | 6.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from 1.0.2 through n/a. | |||||
| CVE-2025-22215 | 2026-06-17 | N/A | 4.3 MEDIUM | ||
| VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network. | |||||
| CVE-2025-21385 | 1 Microsoft | 1 Purview | 2026-06-17 | N/A | 8.8 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network. | |||||
| CVE-2025-21384 | 1 Microsoft | 1 Azure Health Bot | 2026-06-17 | N/A | 8.3 HIGH |
| An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. | |||||
| CVE-2025-21177 | 1 Microsoft | 1 Dynamics 365 Sales | 2026-06-17 | N/A | 8.7 HIGH |
| Server-side request forgery (ssrf) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-20388 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2026-06-17 | N/A | 2.7 LOW |
| In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment. | |||||
| CVE-2025-20371 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2026-06-17 | N/A | 7.5 HIGH |
| In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user. | |||||
| CVE-2025-20288 | 1 Cisco | 2 Unified Contact Center Express, Unified Intelligence Center | 2026-06-17 | N/A | 5.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. | |||||
| CVE-2025-20075 | 2026-06-17 | N/A | 7.2 HIGH | ||
| Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Executing arbitrary backend Web API requests could potentially lead to rebooting the services. | |||||
| CVE-2025-1970 | 1 Webtoffee | 1 Import Export Wordpress Users | 2026-06-17 | N/A | 7.6 HIGH |
| The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2025-1912 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2026-06-17 | N/A | 7.6 HIGH |
| The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file() Function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2025-1849 | 1 Zframeworks | 1 Zz | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is an unknown functionality of the file /import_data_todb. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||