Total
2705 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6199 | 1 Bookstackapp | 1 Bookstack | 2026-06-17 | N/A | 6.5 MEDIUM |
| Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF. | |||||
| CVE-2023-6195 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 2.6 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository. | |||||
| CVE-2023-6124 | 1 Salesagility | 1 Suitecrm | 2026-06-17 | N/A | 4.3 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14. | |||||
| CVE-2023-6070 | 1 Trellix | 1 Enterprise Security Manager | 2026-06-17 | N/A | 4.3 MEDIUM |
| A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data | |||||
| CVE-2023-5974 | 1 Wpb Show Core Project | 1 Wpb Show Core | 2026-06-17 | N/A | 9.8 CRITICAL |
| The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter. | |||||
| CVE-2023-5572 | 1 Vrite | 1 Vrite | 2026-06-17 | N/A | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0. | |||||
| CVE-2023-53899 | 1 Podcastgenerator | 1 Podcast Generator | 2026-06-17 | N/A | 9.8 CRITICAL |
| PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation. | |||||
| CVE-2023-53893 | 1 Ateme | 1 Titan File | 2026-06-17 | N/A | 6.5 MEDIUM |
| Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the application to make HTTP, DNS, or file requests to arbitrary destinations. | |||||
| CVE-2023-52331 | 1 Trendmicro | 1 Apex Central | 2026-06-17 | N/A | 7.1 HIGH |
| A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-51804 | 1 Rymcu | 1 Forest | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file. | |||||
| CVE-2023-51697 | 1 Audiobookshelf | 1 Audiobookshelf | 2026-06-17 | N/A | 4.3 MEDIUM |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-51676 | 1 Wedevs | 1 Happy Addons For Elementor | 2026-06-17 | N/A | 4.9 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1. | |||||
| CVE-2023-51665 | 1 Audiobookshelf | 1 Audiobookshelf | 2026-06-17 | N/A | 4.3 MEDIUM |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-51467 | 1 Apache | 1 Ofbiz | 2026-06-17 | N/A | 9.8 CRITICAL |
| The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code | |||||
| CVE-2023-51451 | 1 Sentry | 1 Symbolicator | 2026-06-17 | N/A | 4.3 MEDIUM |
| Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via Symbolicator's API. In affected Sentry instances, the data could be exposed through the Sentry API and user interface if the attacker has a registered account. The issue has been fixed in Symbolicator release 23.12.1, Sentry self-hosted release 23.12.1, and has already been mitigated on sentry.io on December 18, 2023. If updating is not possible, some other mitigations are available. One may disable JS processing by toggling the option `Allow JavaScript Source Fetching` in `Organization Settings > Security & Privacy` and/or disable all untrusted public repositories under `Project Settings > Debug Files`. Alternatively, if JavaScript and native symbolication are not required, disable Symbolicator completely in `config.yml`. | |||||
| CVE-2023-51441 | 1 Apache | 1 Axis | 2026-06-17 | N/A | 7.2 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome. | |||||
| CVE-2023-50968 | 1 Apache | 1 Ofbiz | 2026-06-17 | N/A | 7.5 HIGH |
| Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue. | |||||
| CVE-2023-50952 | 1 Ibm | 1 Infosphere Information Server | 2026-06-17 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774. | |||||
| CVE-2023-50913 | 2026-06-17 | N/A | 9.1 CRITICAL | ||
| Oxide control plane software before 5 allows SSRF. | |||||
| CVE-2023-50733 | 2026-06-17 | N/A | 8.6 HIGH | ||
| A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. | |||||