Critical
CVE-2024-6980
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console…
Tag: Server-Side Request Forgery (SSRF)
All CVEs associated with "Server-Side Request Forgery (SSRF)". Page 12/23 • 2666 CVEs.
Subscribe CVEs: RSS for “Server-Side Request Forgery (SSRF)” · RSS (High+Critical only)
About “Server-Side Request Forgery (SSRF)”
A curated feed of “Server-Side Request Forgery (SSRF)”-related CVEs appears below. We currently track 2666 CVEs for this tag (all time). In the last 365 days, 961 were published. Average CVSS is 6.9 (all time; 6.6 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-918 - Server-Side Request Forgery (SSRF), CWE-611 - Improper Restriction of XML External Entity Reference, CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-07-31
2024-07-30
Medium
CVE-2024-41305
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl…
2024-07-26
Critical
CVE-2024-41120
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 63 of `pages/9_🔲_Vector_Data_Visual…
High
CVE-2024-41118
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_📦_Web_Map_Service.py…
High
CVE-2024-41813
txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSR…
High
CVE-2024-41812
txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the `/get`…
Medium
CVE-2024-6922
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS servic…
2024-07-23
High
CVE-2024-41668
The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBio…
Medium
CVE-2024-41664
Canarytokens help track activity and actions on a network. Prior to `sha-8ea5315`, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users c…
Medium
CVE-2024-4260
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contri…
2024-07-22
Medium
CVE-2024-38730
Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor.This issue affects Magical Addons For Elementor: from n/a through 1.1.41.
High
CVE-2024-38728
Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.
Medium
CVE-2024-38723
Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer.This issue affects JSON Content Importer: from n/a through 1.5.6.
High
CVE-2024-37942
Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP.This issue affects BerqWP: from n/a through 1.7.5.
2024-07-20
Medium
CVE-2024-38758
Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4.
2024-07-19
Critical
CVE-2024-29736
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies…
High
CVE-2024-21527
Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the pack…
2024-07-18
High
CVE-2024-40642
The netty incubator codec.bhttp is a java language binary http parser. In affected versions the `BinaryHttpParser` class does not properly validate input values thus giving attackers almost complete…
High
CVE-2024-40898
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to…
2024-07-17
Medium
CVE-2024-31979
Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which…
2024-07-16
Medium
CVE-2023-31456
There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitrary requests to internal and external resources by an auth…
2024-07-15
Low
CVE-2024-40632
Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions when the application being run by linkerd is susceptible to SSRF, an attacker could potentially…
Medium
CVE-2024-39739
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system…
2024-07-12
High
CVE-2024-40544
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit.
High
CVE-2024-40543
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage.
2024-07-11
High
CVE-2024-39904
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be…
2024-07-09
Medium
CVE-2024-37171
SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the applicati…
2024-07-08
Medium
CVE-2024-39699
Directus is a real-time API and App dashboard for managing SQL database content. There was already a reported SSRF vulnerability via file import. It was fixed by resolving all DNS names and checking…
Medium
CVE-2024-31897
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side requ…
2024-07-06
Medium
CVE-2024-6095
A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both http(s…
High
CVE-2024-37260
Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz: from n/a through 2.3.5.
Medium
CVE-2024-37208
Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7.
2024-07-05
High
CVE-2024-39687
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. At present, when Fedify needs to retrieve an object or activity from a remote activitypub…
Critical
CVE-2024-29319
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. The server can make unintended HTTP and DNS requests to a server that the attac…
Medium
CVE-2024-6524
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of…
2024-07-01
High
CVE-2024-39573
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to…
Critical
CVE-2024-38476
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious o…
High
CVE-2024-38472
SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which…
2024-06-30
Medium
CVE-2023-50952
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading…
2024-06-28
High
CVE-2024-38514
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the `endpoint` GET parameter on the WebDav API endpoint. Thi…
High
CVE-2024-5736
Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue aff…
2024-06-27
High
CVE-2024-5885
stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to acc…
Critical
CVE-2024-5822
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attac…
High
CVE-2024-5820
An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. The backe…
2024-06-26
Medium
CVE-2024-37098
Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.6.
High
CVE-2024-34581
The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate…
Medium
CVE-2024-34580
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project…
Medium
CVE-2024-29173
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially…
2024-06-25
High
CVE-2024-5015
In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an…
High
CVE-2024-5014
In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an H…
2024-06-24
Medium
CVE-2023-45195
Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have…
2024-06-22
Medium
CVE-2024-4940
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for…
2024-06-20
High
CVE-2024-5746
A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the Git…
High
CVE-2024-37818
Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive…
2024-06-19
Critical
CVE-2024-5021
The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. T…
2024-06-15
High
CVE-2023-6696
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several…
2024-06-14
High
CVE-2024-4404
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, wi…
2024-06-13
High
CVE-2024-37164
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 an…
Medium
CVE-2024-34111
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privile…
2024-06-10
High
CVE-2024-36414
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-sid…
2024-06-07
Medium
CVE-2024-4354
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. This…
2024-06-06
Critical
CVE-2024-5328
A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the…
High
CVE-2024-5186
A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could res…
High
CVE-2024-4851
A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the…
High
CVE-2024-3149
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded li…
High
CVE-2024-3095
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever…
Critical
CVE-2024-5482
A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the ap…
High
CVE-2024-4325
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. The vulnerabili…
High
CVE-2024-3152
mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a…
High
CVE-2024-4177
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console…
2024-06-05
High
CVE-2024-20404
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to…
High
CVE-2024-5526
Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafa…
High
CVE-2024-4084
A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP…
2024-06-04
Critical
CVE-2024-36675
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.
Medium
CVE-2024-4219
Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.
2024-06-03
Medium
CVE-2024-35635
Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.9.
Medium
CVE-2024-35633
Server-Side Request Forgery (SSRF) vulnerability in Creative Themes Blocksy Companion blocksy-companion.This issue affects Blocksy Companion: from n/a through <= 2.0.42.
Medium
CVE-2024-35637
Server-Side Request Forgery (SSRF) vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.3.6.
2024-05-31
Medium
CVE-2023-7073
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the upload_to_library AJAX action. This…
High
CVE-2024-4469
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite conf…
2024-05-27
High
CVE-2024-29415
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globall…
2024-05-23
Critical
CVE-2024-4399
The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack
Medium
CVE-2024-1855
The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and inc…
2024-05-22
Critical
CVE-2024-25738
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configura…
Medium
CVE-2024-25737
A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers…
High
CVE-2024-5031
The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for au…
Medium
CVE-2024-30420
Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploit…
2024-05-17
High
CVE-2024-32830
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects Bu…
Medium
CVE-2024-4789
Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function. This makes it possible for authentica…
Critical
CVE-2024-27954
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic:…
High
CVE-2023-46784
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Abs…
2024-05-16
Critical
CVE-2024-2361
A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the `install_model()…
2024-05-15
Medium
CVE-2024-3970
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory traversal.
Medium
CVE-2024-3485
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure.
Medium
CVE-2024-4894
ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This v…
2024-05-14
Medium
CVE-2024-4562
In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Due to the lack of proper authorization, a…
Medium
CVE-2024-4561
In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vu…
Low
CVE-2024-32021
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git m…
Medium
CVE-2024-0862
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protectio…
Medium
CVE-2024-33864
An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation vi…
Medium
CVE-2024-35172
Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3.
High
CVE-2024-34351
Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` he…
Critical
CVE-2024-32964
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vu…
Medium
CVE-2024-1467
The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_re…
2024-05-07
Critical
CVE-2024-33857
An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request For…
Medium
CVE-2023-7240
An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to…
2024-05-06
Medium
CVE-2024-33117
crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.
2024-05-03
Medium
CVE-2024-34453
TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php).
2024-05-02
High
CVE-2024-3047
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow…
2024-05-01
Medium
CVE-2024-23336
MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerabi…
2024-04-30
Medium
CVE-2024-33832
OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info.
High
CVE-2024-2663
The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. This makes it possible for un…
Medium
CVE-2024-0216
The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers wit…
2024-04-29
Critical
CVE-2024-33449
An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter
Medium
CVE-2024-33590
Server-Side Request Forgery (SSRF) vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n…
Medium
CVE-2024-33634
Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.
Medium
CVE-2024-33629
Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail).This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.0.0.
Medium
CVE-2024-33627
Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2.
2024-04-25
Medium
CVE-2024-33592
Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.
2024-04-24
Medium
CVE-2024-32812
Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.