Total: 1827 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5186 | 1 Pribai | 1 Privategpt | 2025-05-19 | 7.2 High |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically, by manipulating the 'path' parameter in a file upload request, an attacker can cause the application to make arbitrary requests to internal services, including the AWS metadata endpoint. This issue could lead to the exposure of internal servers and sensitive data. | ||||
| CVE-2024-0403 | 2 Tandoor, Tandoorrecipes | 2 Recipes, Recipes | 2025-05-19 | 6.5 Medium |
| Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF. | ||||
| CVE-2023-6199 | 1 Bookstackapp | 1 Bookstack | 2025-05-19 | 6.5 Medium |
| Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF. | ||||
| CVE-2024-13845 | 1 Rocketgenius | 1 Gravity Forms Webhooks | 2025-05-19 | 5.5 Medium |
| The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2024-51242 | 1 Eladmin | 1 Eladmin | 2025-05-17 | 6.5 Medium |
| A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the HTTP Body ip parameter leads to SSRF. | ||||
| CVE-2024-42168 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 8.9 High |
| HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content. | ||||
| CVE-2024-4260 | 1 Godaddy | 1 Coblocks | 2025-05-16 | 6.5 Medium |
| The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. | ||||
| CVE-2024-24113 | 1 Xuxueli | 1 Xxl-job | 2025-05-15 | 8.8 High |
| xxl-job <= 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE. | ||||
| CVE-2023-42282 | 2 Fedorindutny, Redhat | 6 Ip, Migration Toolkit Virtualization, Network Observ Optr and 3 more | 2025-05-15 | 9.8 Critical |
| The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. | ||||
| CVE-2022-41497 | 1 Clippercms | 1 Clippercms | 2025-05-15 | 9.8 Critical |
| ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. | ||||
| CVE-2022-41496 | 1 Idreamsoft | 1 Icms | 2025-05-15 | 9.8 Critical |
| iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. | ||||
| CVE-2022-41495 | 1 Clippercms | 1 Clippercms | 2025-05-15 | 9.8 Critical |
| ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. | ||||
| CVE-2022-42149 | 1 Keking | 1 Kkfileview | 2025-05-14 | 9.8 Critical |
| kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java. | ||||
| CVE-2025-2170 | 1 Sonicwall | 2 Sma1000, Sma1000 Firmware | 2025-05-14 | 7.2 High |
| A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. | ||||
| CVE-2022-41477 | 1 Webidsupport | 1 Webid | 2025-05-14 | 9.1 Critical |
| A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. | ||||
| CVE-2024-10903 | 1 Managewp | 1 Broken Link Checker | 2025-05-14 | 4.7 Medium |
| The Broken Link Checker WordPress plugin before 2.4.2 does not validate the link URLs before making a request to them, which could allow admin users to perform an SSRF attack, for example on a multisite installation. | ||||
| CVE-2024-26476 | 1 Open-emr | 1 Openemr | 2025-05-13 | 3.5 Low |
| An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. | ||||
| CVE-2025-0480 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-13 | 4.3 Medium |
| A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12840 | | | 2025-05-12 | 5.0 Medium |
| Red Hat Product Security has come to the conclusion that this CVE is not needed. The problem described was intended behavior and therefore not a bug. | ||||
| CVE-2025-47548 | 1 Wbcomdesigns | 1 Activity Link Preview For Buddypress | 2025-05-12 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress allows Server Side Request Forgery. This issue affects Wbcom Designs - Activity Link Preview For BuddyPress: from n/a through 1.4.4. | ||||