Total
1343 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31527 | 2025-04-01 | N/A | N/A | ||
| Server-Side Request Forgery (SSRF) vulnerability in Kishan WP Link Preview allows Server Side Request Forgery. This issue affects WP Link Preview: from n/a through 1.4.1. | |||||
| CVE-2025-2997 | 2025-04-01 | N/A | 6.3 MEDIUM | ||
| A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical. Affected is an unknown function of the file /res/url. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-0677 | 1 Popozure | 1 Pz-linkcard | 2025-04-01 | N/A | N/A |
| The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. | |||||
| CVE-2022-46998 | 1 Taogogo | 1 Taocms | 2025-04-01 | N/A | 9.8 CRITICAL |
| An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). | |||||
| CVE-2024-44677 | 1 Eladmin | 1 Eladmin | 2025-03-31 | N/A | 9.8 CRITICAL |
| eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. | |||||
| CVE-2023-45705 | 1 Hcltech | 1 Bigfix Platform | 2025-03-28 | N/A | 7.2 HIGH |
| An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options. | |||||
| CVE-2025-31076 | 2025-03-28 | N/A | N/A | ||
| Server-Side Request Forgery (SSRF) vulnerability in WP Compress WP Compress for MainWP allows Server Side Request Forgery. This issue affects WP Compress for MainWP: from n/a through 6.30.03. | |||||
| CVE-2021-21973 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-03-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). | |||||
| CVE-2023-24622 | 1 Includesecurity | 1 Safeurl-python | 2025-03-28 | N/A | 5.3 MEDIUM |
| isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. | |||||
| CVE-2023-24623 | 1 Paranoidhttp Project | 1 Paranoidhttp | 2025-03-28 | N/A | 7.5 HIGH |
| Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. | |||||
| CVE-2022-4335 | 1 Gitlab | 1 Gitlab | 2025-03-28 | N/A | 4.3 MEDIUM |
| A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. | |||||
| CVE-2022-4201 | 1 Gitlab | 1 Gitlab | 2025-03-27 | N/A | 5.3 MEDIUM |
| A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. | |||||
| CVE-2023-24495 | 1 Tenable | 1 Tenable.sc | 2025-03-27 | N/A | 6.5 MEDIUM |
| A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly. | |||||
| CVE-2023-24060 | 1 Havenweb | 1 Haven | 2025-03-27 | N/A | 5.0 MEDIUM |
| Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage but does not have numbered releases; ordinary end users may typically use the master branch. | |||||
| CVE-2022-37033 | 1 Dotcms | 1 Dotcms | 2025-03-27 | N/A | 6.5 MEDIUM |
| In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely. | |||||
| CVE-2025-22672 | 2025-03-27 | N/A | N/A | ||
| Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Server Side Request Forgery.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.2. | |||||
| CVE-2025-30914 | 2025-03-27 | N/A | N/A | ||
| Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio Metform allows Server Side Request Forgery. This issue affects Metform: from n/a through 3.9.2. | |||||
| CVE-2024-13923 | 1 Webtoffee | 1 Order Export \& Order Import For Woocommerce | 2025-03-26 | N/A | 6.5 MEDIUM |
| The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2024-40544 | 1 Publiccms | 1 Publiccms | 2025-03-26 | N/A | 8.8 HIGH |
| PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit. | |||||
| CVE-2025-27406 | 2025-03-26 | N/A | N/A | ||
| Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act on behalf of the user, if the template is being previewed; and act on behalf of the headless browser, if a report using the template is printed to PDF. This issue has been resolved in version 1.0.3 of Icinga Reporting. As a workaround, review all templates and remove suspicious settings. | |||||