Total: 1343 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2017-16870 | 1 Updraftplus | 1 Updraftplus | 2024-08-05 | 6.8 MEDIUM | 8.1 HIGH | The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary |
| CVE-2018-20436 | 1 Telegram | 2 Telegram, Web | 2024-08-05 | 6.8 MEDIUM | 8.1 HIGH | The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconfiguration of the "Secret chats > Preview links" setting |
| CVE-2018-19047 | 1 Mpdf Project | 1 Mpdf | 2024-08-05 | 7.5 HIGH | 10.0 CRITICAL | mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HTML without sanitising it, you're asking for trouble. |
| CVE-2018-10220 | 1 Mushmush | 1 Glastopf | 2024-08-05 | 6.8 MEDIUM | 8.8 HIGH | Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation |
| CVE-2020-35850 | 1 Cockpit-project | 1 Cockpit | 2024-08-04 | 4.0 MEDIUM | 6.5 MEDIUM | An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue. |
| CVE-2020-35205 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL | Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| CVE-2020-27197 | 2 Eclecticiq, Libtaxii Project | 2 Opentaxii, Libtaxii | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL | TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise ... to the lxml group. |
| CVE-2020-23622 | 1 Cling Project | 1 Cling | 2024-08-04 | N/A | 7.5 HIGH | An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header |
| CVE-2020-16248 | 1 Prometheus | 1 Blackbox Exporter | 2024-08-04 | 5.0 MEDIUM | 5.8 MEDIUM | Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability |
| CVE-2020-11453 | 1 Microstrategy | 1 Microstrategy Web | 2024-08-04 | 5.0 MEDIUM | 5.3 MEDIUM | Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reproduce the issue reported in any version of its product |
| CVE-2021-44659 | 1 Thoughtworks | 1 Gocd | 2024-08-04 | 7.5 HIGH | 9.8 CRITICAL | Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an unintended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests |
| CVE-2023-28155 | 1 Request Project | 1 Request | 2024-08-02 | N/A | 6.1 MEDIUM | The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2023-1971 | 1 Tpadmin Project | 1 Tpadmin | 2024-08-02 | N/A | 4.9 MEDIUM | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225408. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2024-40543 | 1 Publiccms | 1 Publiccms | 2024-08-01 | N/A | 8.8 HIGH | PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage. |
| CVE-2024-31979 | 1 Apache | 1 Streampipes | 2024-08-01 | N/A | 4.3 MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. |
| CVE-2023-50952 | 1 Ibm | 1 Infosphere Information Server | 2024-07-31 | N/A | 5.4 MEDIUM | IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774. |
| CVE-2024-5328 | 1 Lunary | 1 Lunary | 2024-07-23 | N/A | 9.3 CRITICAL | A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An attacker can exploit this vulnerability by sending a specially crafted request to the affected endpoint, allowing them to make unauthorized requests to internal or external resources. This could lead to the disclosure of sensitive information, service disruption, or further attacks against the network infrastructure. The issue affects the latest version of the application as of the report. |
| CVE-2022-48321 | 1 Checkmk | 1 Checkmk | 2024-07-23 | N/A | 3.3 LOW | Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. |
| CVE-2024-38758 | | | 2024-07-22 | N/A | N/A | Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 6.0.4. |
| CVE-2024-4354 | 1 Tablepress | 1 Tablepress | 2024-07-18 | N/A | 6.4 MEDIUM | The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Due to the complex nature of protecting against DNS rebind attacks in WordPress software, we settled on the developer simply restricting the usage of the URL import functionality to just administrators. While this is not optimal, we feel this poses a minimal risk to most site owners and ideally WordPress core would correct this issue in wp_safe_remote_get() and other functions. |
