Total
1279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14704 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-08-05 | N/A |
| An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field. | ||||
| CVE-2019-14476 | 1 Adremsoft | 1 Netcrunch | 2024-08-05 | 6.5 Medium |
| AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems. | ||||
| CVE-2019-14225 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-05 | 5.4 Medium |
| OX App Suite 7.10.1 and 7.10.2 allows SSRF. | ||||
| CVE-2019-14255 | 1 Go-camo Project | 1 Go-camo | 2024-08-05 | N/A |
| A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints. | ||||
| CVE-2019-13335 | 1 Salesagility | 1 Suitecrm | 2024-08-04 | 9.8 Critical |
| SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. | ||||
| CVE-2019-13121 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 7.5 High |
| An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control. | ||||
| CVE-2019-12994 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-08-04 | N/A |
| Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. | ||||
| CVE-2019-13020 | 1 Trms | 1 Tightrope Media Carousel | 2024-08-04 | N/A |
| The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet. | ||||
| CVE-2019-12996 | 1 Mendix | 1 Mendix | 2024-08-04 | 5.3 Medium |
| In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe. | ||||
| CVE-2019-12959 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-08-04 | N/A |
| Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. | ||||
| CVE-2019-12852 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | N/A |
| An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. | ||||
| CVE-2019-12443 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 9.8 Critical |
| An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks. | ||||
| CVE-2019-12161 | 1 Webpagetest | 1 Webpagetest | 2024-08-04 | N/A |
| WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). | ||||
| CVE-2019-12153 | 1 Realobjects | 1 Pdfreactor | 2024-08-04 | N/A |
| Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content. | ||||
| CVE-2019-11767 | 1 Phpbb | 1 Phpbb | 2024-08-04 | N/A |
| Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function. | ||||
| CVE-2019-11565 | 1 Print My Blog Project | 1 Print My Blog | 2024-08-04 | N/A |
| Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter. | ||||
| CVE-2019-11574 | 1 Simplemachines | 1 Simple Machine Forum | 2024-08-04 | 9.8 Critical |
| An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls. | ||||
| CVE-2019-11066 | 1 Lightopenid Project | 1 Lightopenid | 2024-08-04 | N/A |
| openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method. | ||||
| CVE-2019-10686 | 1 Ctrip | 1 Apollo | 2024-08-04 | N/A |
| An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled. | ||||
| CVE-2019-9827 | 2 Hawt, Redhat | 4 Hawtio, Amq Broker, Jboss Amq and 1 more | 2024-08-04 | N/A |
| Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. | ||||