Total
1887 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25972 | 1 Tuzitio | 1 Camaleon Cms | 2025-04-30 | 4.9 Medium |
| In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server. | ||||
| CVE-2022-42894 | 1 Siemens | 1 Syngo Dynamics Cardiovascular Imaging And Information System | 2025-04-30 | 7.5 High |
| A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration. | ||||
| CVE-2022-43140 | 1 Keking | 1 Kkfileview | 2025-04-30 | 7.5 High |
| kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. | ||||
| CVE-2022-43183 | 1 Xuxueli | 1 Xxl-job | 2025-04-29 | 8.8 High |
| XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. | ||||
| CVE-2022-40842 | 1 Ndk-design | 1 Ndkadvancedcustomizationfields | 2025-04-29 | 9.1 Critical |
| ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php. | ||||
| CVE-2022-45152 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2025-04-29 | 9.1 Critical |
| A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | ||||
| CVE-2025-46443 | 2025-04-29 | 4.9 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate allows Server Side Request Forgery. This issue affects Animate: from n/a through 0.5. | ||||
| CVE-2025-46511 | 2025-04-29 | 6.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71. | ||||
| CVE-2024-33864 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | 5.9 Medium |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript. | ||||
| CVE-2025-29449 | 1 Lm21 | 1 Twonav | 2025-04-25 | 6.5 Medium |
| An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function. | ||||
| CVE-2025-29460 | 1 Mybb | 1 Mybb | 2025-04-25 | 7.6 High |
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. | ||||
| CVE-2022-41412 | 1 Perfsonar | 1 Perfsonar | 2025-04-24 | 8.6 High |
| An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. | ||||
| CVE-2023-6294 | 2 Popup Builder, Sygnoos | 2 Popup Builder, Popup Builder | 2025-04-24 | 7.5 High |
| The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. | ||||
| CVE-2022-35508 | 1 Proxmox | 3 Proxmox Mail Gateway, Pve Http Server, Virtual Environment | 2025-04-24 | 9.8 Critical |
| Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3. | ||||
| CVE-2025-29458 | 1 Mybb | 1 Mybb | 2025-04-24 | 7.6 High |
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. | ||||
| CVE-2025-29457 | 1 Mybb | 1 Mybb | 2025-04-24 | 7.6 High |
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. | ||||
| CVE-2022-43880 | 1 Ibm | 1 Qradar Wincollect | 2025-04-24 | 4.4 Medium |
| IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151. | ||||
| CVE-2025-3691 | 1 Mirweiye | 1 Seven Bears Library Cms | 2025-04-24 | 2.7 Low |
| A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-21009 | 3 Adobe, Linux, Microsoft | 3 Campaign Classic, Linux Kernel, Windows | 2025-04-23 | 8.6 High |
| Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources. | ||||
| CVE-2024-56736 | 1 Apache | 1 Hertzbeat | 2025-04-23 | 6.5 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue. | ||||