Total
1279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4741 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-09-17 | 5.3 Medium |
| IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815. | ||||
| CVE-2020-7739 | 1 Phantomjs-seo Project | 1 Phantomjs-seo | 2024-09-17 | 8.2 High |
| This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack. | ||||
| CVE-2017-0906 | 1 Recurly | 1 Recurly Client Python | 2024-09-17 | N/A |
| The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources. | ||||
| CVE-2018-1999039 | 1 Jenkins | 1 Confluence Publisher | 2024-09-17 | N/A |
| A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials. | ||||
| CVE-2021-34425 | 5 Apple, Google, Linux and 2 more | 6 Iphone Os, Macos, Android and 3 more | 2024-09-17 | 4.7 Medium |
| The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat\'s "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly. | ||||
| CVE-2019-1003020 | 1 Jenkins | 1 Kanboard | 2024-09-17 | N/A |
| A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL. | ||||
| CVE-2019-1872 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-09-17 | N/A |
| A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system. | ||||
| CVE-2018-12678 | 1 Portainer | 1 Portainer | 2024-09-17 | N/A |
| Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. | ||||
| CVE-2019-3395 | 1 Atlassian | 2 Confluence, Confluence Server | 2024-09-17 | N/A |
| The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. | ||||
| CVE-2020-29445 | 1 Atlassian | 1 Confluence Server | 2024-09-17 | 4.3 Medium |
| Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. | ||||
| CVE-2017-16678 | 1 Sap | 4 Epbc, Epbc2, Kmc-bc and 1 more | 2024-09-17 | N/A |
| Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. | ||||
| CVE-2017-0905 | 1 Recurly | 1 Recurly Client Ruby | 2024-09-16 | N/A |
| The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources. | ||||
| CVE-2019-5725 | 1 Qibosoft | 1 Qibosoft | 2024-09-16 | N/A |
| qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file. | ||||
| CVE-2021-23664 | 1 Isomorphic-git | 1 Cors-proxy | 2024-09-16 | 8.6 High |
| The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. | ||||
| CVE-2021-41809 | 1 M-files | 1 M-files Server | 2024-09-16 | 3.5 Low |
| SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities. | ||||
| CVE-2022-41609 | 1 Wordplus | 1 Better Messages | 2024-09-16 | 6.4 Medium |
| Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress. | ||||
| CVE-2021-29863 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-09-16 | 4.3 Medium |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087. | ||||
| CVE-2019-1679 | 1 Cisco | 2 Telepresence Conductor, Telepresence Video Communication Server | 2024-09-16 | 5.0 Medium |
| A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the affected server. Versions prior to XC4.3.4 are affected. | ||||
| CVE-2021-20483 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2024-09-16 | 6.5 Medium |
| IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591. | ||||
| CVE-2020-5014 | 1 Ibm | 1 Datapower Gateway | 2024-09-16 | 6.7 Medium |
| IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247. | ||||