Total: 1279 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-41305 | 1 Wondercms | 1 Wondercms | 2024-08-08 | 7.1 High |
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. | ||||
CVE-2022-46973 | 1 Anji-plus | 1 Aj-report | 2024-08-08 | 9.8 Critical |
Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability. | ||||
CVE-2002-1484 | 1 Siemens | 1 Db4web | 2024-08-08 | 9.8 Critical |
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message. | ||||
CVE-2004-2061 | 1 Risearch | 2 Risearch, Risearch Pro | 2024-08-08 | 9.8 Critical |
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allow remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL. | ||||
CVE-2022-27780 | 3 Haxx, Netapp, Splunk | 15 Curl, Clustered Data Ontap, H300s and 12 more | 2024-08-07 | 7.5 High |
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed by the parser and get transposed into `http://example.com/127.0.0.1/`. This flaw can be used to circumvent filters, checks and more. | ||||
CVE-2024-29028 | | | 2024-08-07 | 5.8 Medium |
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1. | ||||
CVE-2007-6758 | 1 Sencha | 1 Ext Js | 2024-08-07 | 7.5 High |
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. | ||||
CVE-2024-6522 | | | 2024-08-07 | 8.5 High |
The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
CVE-2024-34111 | 1 Adobe | 3 Commerce, Commerce Webhooks, Magento | 2024-08-07 | 6.5 Medium |
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. | ||||
CVE-2024-2090 | | | 2024-08-07 | 6.4 Medium |
The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
CVE-2010-1637 | 4 Apple, Fedoraproject, Redhat and 1 more | 8 Mac Os X, Mac Os X Server, Fedora and 5 more | 2024-08-07 | 6.5 Medium |
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | ||||
CVE-2024-38791 | | | 2024-08-06 | 4.9 Medium |
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows Server Side Request Forgery. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.4.7. | ||||
CVE-2013-4864 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-08-06 | 9.8 Critical |
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue. | ||||
CVE-2024-27564 | | | 2024-08-06 | 6.5 Medium |
A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. | ||||
CVE-2024-27707 | | | 2024-08-06 | 4.3 Medium |
Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file. | ||||
CVE-2014-8943 | 1 Piwigo | 1 Lexiglot | 2024-08-06 | 8.8 High |
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter. | ||||
CVE-2014-3990 | 1 Opencart | 1 Opencart | 2024-08-06 | N/A |
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. | ||||
CVE-2015-8813 | 1 Umbraco | 1 Umbraco | 2024-08-06 | N/A |
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter. | ||||
CVE-2015-7570 | 1 Yeager | 1 Yeager Cms | 2024-08-06 | N/A |
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php. | ||||
CVE-2016-10927 | 1 Neliosoftware | 1 Nelio Ab Testing | 2024-08-06 | N/A |
The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php. |