Total
2690 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35133 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. | |||||
| CVE-2023-35011 | 1 Ibm | 1 Cognos Analytics | 2026-06-17 | N/A | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705. | |||||
| CVE-2023-34959 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools. | |||||
| CVE-2023-34370 | 2026-06-17 | N/A | 7.1 HIGH | ||
| Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4. | |||||
| CVE-2023-33184 | 1 Nextcloud | 1 Mail | 2026-06-17 | N/A | 3.5 LOW |
| Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3. | |||||
| CVE-2023-33176 | 1 Bigbluebutton | 1 Bigbluebutton | 2026-06-17 | N/A | 4.8 MEDIUM |
| BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. In affected versions are affected by a Server-Side Request Forgery (SSRF) vulnerability. In an `insertDocument` API request the user is able to supply a URL from which the presentation should be downloaded. This URL was being used without having been successfully validated first. An update to the `followRedirect` method in the `PresentationUrlDownloadService` has been made to validate all URLs to be used for presentation download. Two new properties `presentationDownloadSupportedProtocols` and `presentationDownloadBlockedHosts` have also been added to `bigbluebutton.properties` to allow administrators to define what protocols a URL must use and to explicitly define hosts that a presentation cannot be downloaded from. All URLs passed to `insertDocument` must conform to the requirements of the two previously mentioned properties. Additionally, these URLs must resolve to valid addresses, and these addresses must not be local or loopback addresses. There are no workarounds. Users are advised to upgrade to a patched version of BigBlueButton. | |||||
| CVE-2023-32750 | 1 Pydio | 1 Cells | 2026-06-17 | N/A | 6.5 MEDIUM |
| Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells. | |||||
| CVE-2023-32348 | 1 Teltonika | 1 Remote Management System | 2026-06-17 | N/A | 5.8 MEDIUM |
| Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN. | |||||
| CVE-2023-32337 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2026-06-17 | N/A | 5.4 MEDIUM |
| IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288. | |||||
| CVE-2023-32052 | 1 Microsoft | 1 Power Apps | 2026-06-17 | N/A | 5.4 MEDIUM |
| Microsoft Power Apps (online) Spoofing Vulnerability | |||||
| CVE-2023-31848 | 1 Davinci Project | 1 Davinci | 2026-06-17 | N/A | 8.8 HIGH |
| davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). | |||||
| CVE-2023-31456 | 2026-06-17 | N/A | 5.4 MEDIUM | ||
| There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitrary requests to internal and external resources by an authenticated user. | |||||
| CVE-2023-30444 | 1 Ibm | 1 Watson Machine Learning On Cloud Pak For Data | 2026-06-17 | N/A | 7.1 HIGH |
| IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350. | |||||
| CVE-2023-30019 | 1 Evilmartians | 1 Imgproxy | 2026-06-17 | N/A | 5.3 MEDIUM |
| imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. | |||||
| CVE-2023-2927 | 1 Jizhicms | 1 Jizhicms | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2249 | 1 Gvectors | 1 Wpforo Forum | 2026-06-17 | N/A | 8.8 HIGH |
| The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services. | |||||
| CVE-2023-2140 | 1 3ds | 1 Delmia Apriso | 2026-06-17 | N/A | 7.5 HIGH |
| A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application. | |||||
| CVE-2023-29292 | 1 Adobe | 2 Commerce, Magento | 2026-06-17 | N/A | 4.9 MEDIUM |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-29291 | 1 Adobe | 2 Commerce, Magento | 2026-06-17 | N/A | 4.9 MEDIUM |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-29260 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135. | |||||