Total
2721 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5014 | 1 Progress | 1 Whatsup Gold | 2026-06-17 | N/A | 7.1 HIGH |
| In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form. | |||||
| CVE-2024-57767 | 1 Wangl1989 | 1 Mysiteforme | 2026-06-17 | N/A | 8.6 HIGH |
| MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. | |||||
| CVE-2024-57252 | 1 Otcms | 1 Otcms | 2026-06-17 | N/A | 4.3 MEDIUM |
| OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily. | |||||
| CVE-2024-56800 | 2026-06-17 | N/A | 7.4 HIGH | ||
| Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address. This allowed exfiltration of local network resources through the API. The cloud service was patched on December 27th, 2024, and the maintainers have checked that no user data was exposed by this vulnerability. Scraping engines used in the open sourced version of Firecrawl were patched on December 29th, 2024, except for the playwright services which the maintainers have determined to be un-patchable. All users of open-source software (OSS) Firecrawl should upgrade to v1.1.1. As a workaround, OSS Firecrawl users should supply the playwright services with a secure proxy. A proxy can be specified through the `PROXY_SERVER` env in the environment variables. Please refer to the documentation for instructions. Ensure that the proxy server one is using is setup to block all traffic going to link-local IP addresses. | |||||
| CVE-2024-56736 | 1 Apache | 1 Hertzbeat | 2026-06-17 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue. | |||||
| CVE-2024-56471 | 1 Ibm | 1 Aspera Shares | 2026-06-17 | N/A | 5.4 MEDIUM |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2024-56470 | 1 Ibm | 1 Aspera Shares | 2026-06-17 | N/A | 5.4 MEDIUM |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2024-56279 | 2026-06-17 | N/A | 6.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in mra13 Compact WP Audio Player compact-wp-audio-player allows Server Side Request Forgery.This issue affects Compact WP Audio Player: from n/a through <= 1.9.14. | |||||
| CVE-2024-56275 | 2026-06-17 | N/A | 4.1 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14. | |||||
| CVE-2024-55910 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-06-17 | N/A | 6.5 MEDIUM |
| IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2024-55875 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server, trigger Server-side Request Forgery and even execute code under some circumstances. The original fix shipped in v5.41.0.0 / v4.50.0.0 closed the documented external-entity attack class (SSRF, local-file disclosure, code execution) by setting `ACCESS_EXTERNAL_DTD=""`, `ACCESS_EXTERNAL_SCHEMA=""`, and `isExpandEntityReferences=false` on the default `DocumentBuilderFactory`. A residual gap remained: the parser still accepted documents containing `<!DOCTYPE>` declarations even though external entity resolution was blocked. This left open billion-laughs-style internal entity expansion DoS attacks against any application using `Body.xml()` or `Document.asXmlDocument()` on untrusted XML. v6.50.0.0 closes this residual by adding `disallow-doctype-decl=true` and `FEATURE_SECURE_PROCESSING=true` to `defaultXmlParsingConfig`. Any document containing a `<!DOCTYPE>` is now rejected at parse time. | |||||
| CVE-2024-55399 | 1 4cstrategies | 1 Exonaut | 2026-06-17 | N/A | 6.5 MEDIUM |
| 4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF). | |||||
| CVE-2024-55089 | 1 Rhymix | 1 Rhymix | 2026-06-17 | N/A | 4.1 MEDIUM |
| Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities. | |||||
| CVE-2024-55086 | 1 Getsimple-ce | 1 Getsimple Cms | 2026-06-17 | N/A | 7.2 HIGH |
| In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system. | |||||
| CVE-2024-55082 | 2026-06-17 | N/A | 7.5 HIGH | ||
| A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request. | |||||
| CVE-2024-54819 | 2026-06-17 | N/A | 9.1 CRITICAL | ||
| I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php | |||||
| CVE-2024-54385 | 2026-06-17 | N/A | 7.2 HIGH | ||
| Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.83. | |||||
| CVE-2024-54330 | 2026-06-17 | N/A | 7.2 HIGH | ||
| Server-Side Request Forgery (SSRF) vulnerability in hurraki Hurrakify hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through <= 2.4. | |||||
| CVE-2024-54197 | 2026-06-17 | N/A | 7.2 HIGH | ||
| SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application. | |||||
| CVE-2024-54000 | 1 Opensecurity | 1 Mobile Security Framework | 2026-06-17 | N/A | 7.5 HIGH |
| Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side request forgery when a request to .well-known/assetlinks.json" returns a 302 redirect. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7. | |||||