Total
2086 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5968 | 1 Ibm | 1 Tealeaf Customer Experience | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors.
|
|||||
| CVE-2022-45429 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2025-04-12 | N/A | 7.5 HIGH |
|
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.
|
|||||
| CVE-2025-22374 | 2025-04-11 | N/A | N/A | ||
|
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to the underlying infrastructure.
|
|||||
| CVE-2022-45027 | 1 Perfsonar | 1 Perfsonar | 2025-04-11 | N/A | 5.3 MEDIUM |
|
perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address.
|
|||||
| CVE-2010-1637 | 4 Apple, Fedoraproject, Redhat and 1 more | 7 Mac Os X, Mac Os X Server, Fedora and 4 more | 2025-04-11 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
|
|||||
| CVE-2023-49785 | 1 Nextchat | 1 Nextchat | 2025-04-10 | N/A | 9.1 CRITICAL |
|
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using HTTP POST, PUT, and other methods. Attackers can also use this vulnerability to mask their source IP by forwarding malicious traffic intended for other Internet targets through these open proxies. As of t ...
Show More |
|||||
| CVE-2024-1965 | 1 Haivision | 2 Maanager, Streamhub | 2025-04-10 | N/A | 6.5 MEDIUM |
|
Server-Side Request Forgery vulnerability in Haivision's Aviwest Manager and Aviwest Steamhub. This vulnerability could allow an attacker to enumerate internal network configuration without the need for credentials. An attacker could compromise an internal server and retrieve requests sent by other users.
|
|||||
| CVE-2024-6784 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2025-04-10 | N/A | 9.9 CRITICAL |
|
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
|
|||||
| CVE-2025-25785 | 1 Jizhicms | 1 Jizhicms | 2025-04-10 | N/A | 9.1 CRITICAL |
|
JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.
|
|||||
| CVE-2024-57767 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-10 | N/A | 8.6 HIGH |
|
MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.
|
|||||
| CVE-2025-32487 | 2025-04-09 | N/A | 4.9 MEDIUM | ||
|
Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark allows Server Side Request Forgery. This issue affects Waymark: from n/a through 1.5.2.
|
|||||
| CVE-2025-32691 | 2025-04-09 | N/A | 4.9 MEDIUM | ||
|
Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.4.
|
|||||
| CVE-2025-31009 | 2025-04-09 | N/A | 5.4 MEDIUM | ||
|
Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side Request Forgery. This issue affects IndieBlocks: from n/a through 0.13.1.
|
|||||
| CVE-2025-32675 | 2025-04-09 | N/A | 6.8 MEDIUM | ||
|
Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help allows Server Side Request Forgery. This issue affects SEO Help: from n/a through 6.6.0.
|
|||||
| CVE-2022-3841 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2025-04-09 | N/A | 7.8 HIGH |
|
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users making requests.
|
|||||
| CVE-2025-25760 | 1 Sucms Project | 1 Sucms | 2025-04-09 | N/A | 7.5 HIGH |
|
A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request.
|
|||||
| CVE-2025-32013 | 1 Lnbits | 1 Lnbits | 2025-04-08 | N/A | 7.5 HIGH |
|
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request to that URL using the httpx library with redirect following enabled. The application doesn't properly validate the callback URL, allowing attackers to specify internal network addresses and access inte ...
Show More |
|||||
| CVE-2024-29090 | 1 Meowapps | 1 Ai Engine | 2025-04-08 | N/A | 6.8 MEDIUM |
|
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
|
|||||
| CVE-2022-25026 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2025-04-08 | N/A | 7.5 HIGH |
|
A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy.
|
|||||
| CVE-2025-25827 | 1 Emlog | 1 Emlog | 2025-04-07 | N/A | 6.8 MEDIUM |
|
A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.
|
|||||
| CVE-2025-28089 | 1 Maccms | 1 Maccms | 2025-04-07 | N/A | 9.1 CRITICAL |
|
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.
|
|||||
| CVE-2025-3192 | 2025-04-07 | N/A | 8.2 HIGH | ||
|
Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories.
|
|||||
| CVE-2025-28090 | 1 Maccms | 1 Maccms | 2025-04-07 | N/A | 9.1 CRITICAL |
|
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.
|
|||||
| CVE-2025-28091 | 1 Maccms | 1 Maccms | 2025-04-07 | N/A | 9.1 CRITICAL |
|
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
|
|||||
| CVE-2025-28092 | 1 Shopxo | 1 Shopxo | 2025-04-07 | N/A | 6.3 MEDIUM |
|
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.
|
|||||
| CVE-2025-28093 | 1 Shopxo | 1 Shopxo | 2025-04-07 | N/A | 6.3 MEDIUM |
|
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.
|
|||||
| CVE-2025-28094 | 1 Shopxo | 1 Shopxo | 2025-04-07 | N/A | 6.5 MEDIUM |
|
shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.
|
|||||
| CVE-2025-28096 | 1 Onenav | 1 Onenav | 2025-04-07 | N/A | 5.4 MEDIUM |
|
OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers.
|
|||||
| CVE-2022-45926 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 8.8 HIGH |
|
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.
|
|||||
| CVE-2024-38791 | 1 Meowapps | 1 Ai Engine | 2025-04-04 | N/A | 4.9 MEDIUM |
|
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows Server Side Request Forgery.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.4.7.
|
|||||
| CVE-2025-1548 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argument editorValue/answer/content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-12450 | 1 Infiniflow | 1 Ragflow | 2025-04-04 | N/A | 9.8 CRITICAL |
|
In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF files. Additionally, the lack of restrictions on the file protocol enables Arbitrary File Read, allowing attackers to read server files. Furthermore, the use of an outdated Chromium headless version ...
Show More |
|||||
| CVE-2004-2061 | 1 Risearch | 2 Risearch, Risearch Pro | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
|
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
|
|||||
| CVE-2002-1484 | 1 Siemens | 1 Db4web | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
|
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.
|
|||||
| CVE-2024-35635 | 1 Wpmanageninja | 1 Ninja Tables | 2025-04-03 | N/A | 4.4 MEDIUM |
|
Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.9.
|
|||||
| CVE-2024-32430 | 1 Activecampaign | 1 Activecampaign | 2025-04-02 | N/A | 4.4 MEDIUM |
|
Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14.
|
|||||
| CVE-2023-23560 | 1 Lexmark | 256 B2236, B2236 Firmware, B2338 and 253 more | 2025-04-02 | N/A | 9.8 CRITICAL |
|
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.
|
|||||
| CVE-2021-43449 | 1 Onlyoffice | 1 Server | 2025-04-02 | N/A | 8.1 HIGH |
|
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary URLs as a document.
|
|||||
| CVE-2024-13838 | 1 Uncannyowl | 1 Uncanny Automator | 2025-04-02 | N/A | 5.5 MEDIUM |
|
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal ...
Show More |
|||||
| CVE-2024-11822 | 1 Dify | 1 Dify | 2025-04-01 | N/A | 7.5 HIGH |
|
langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability exists due to improper handling of the api_endpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal servers and potentially expose sensitive information, including access to the AWS metadata endpoint.
|
|||||