Total
1279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43183 | 1 Xuxueli | 1 Xxl-job | 2024-08-03 | 8.8 High |
| XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. | ||||
| CVE-2022-43140 | 1 Keking | 1 Kkfileview | 2024-08-03 | 7.5 High |
| kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. | ||||
| CVE-2022-42894 | 1 Siemens | 1 Syngo Dynamics Cardiovascular Imaging And Information System | 2024-08-03 | 7.5 High |
| A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration. | ||||
| CVE-2022-42890 | 3 Apache, Debian, Redhat | 4 Batik, Debian Linux, Camel Spring Boot and 1 more | 2024-08-03 | 7.5 High |
| A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. | ||||
| CVE-2022-42149 | 1 Keking | 1 Kkfileview | 2024-08-03 | 9.8 Critical |
| kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java. | ||||
| CVE-2022-41949 | 1 Dhis2 | 1 Dhis 2 | 2024-08-03 | 5 Medium |
| DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources (like third party servers). This could allow an attacker, for example, to identify vulnerable services which might not be otherwise exposed to the public internet or to determine whether a specific file is present on the DHIS2 server. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. At this time, there is no known workaround or mitigation for this vulnerability. | ||||
| CVE-2022-41906 | 1 Amazon | 1 Opensearch Notifications | 2024-08-03 | 8.7 High |
| OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds. | ||||
| CVE-2022-41704 | 3 Apache, Debian, Redhat | 4 Batik, Debian Linux, Camel Spring Boot and 1 more | 2024-08-03 | 7.5 High |
| A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. | ||||
| CVE-2022-41497 | 1 Clippercms | 1 Clippercms | 2024-08-03 | 9.8 Critical |
| ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. | ||||
| CVE-2022-41496 | 1 Idreamsoft | 1 Icms | 2024-08-03 | 9.8 Critical |
| iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. | ||||
| CVE-2022-41477 | 1 Webidsupport | 1 Webid | 2024-08-03 | 9.1 Critical |
| A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. | ||||
| CVE-2022-41495 | 1 Clippercms | 1 Clippercms | 2024-08-03 | 9.8 Critical |
| ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. | ||||
| CVE-2022-41552 | 3 Hitachi, Linux, Microsoft | 5 Infrastructure Analytics Advisor, Ops Center Analyzer, Ops Center Viewpoint and 2 more | 2024-08-03 | 9.8 Critical |
| Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. | ||||
| CVE-2022-41412 | 1 Perfsonar | 1 Perfsonar | 2024-08-03 | 8.6 High |
| An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. | ||||
| CVE-2022-41040 | 1 Microsoft | 1 Exchange Server | 2024-08-03 | 8.8 High |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | ||||
| CVE-2022-40842 | 1 Ndk-design | 1 Ndkadvancedcustomizationfields | 2024-08-03 | 9.1 Critical |
| ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php. | ||||
| CVE-2022-40357 | 1 Zblogcn | 1 Z-blogphp | 2024-08-03 | 9.8 Critical |
| A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter. | ||||
| CVE-2022-40296 | 1 Phppointofsale | 1 Php Point Of Sale | 2024-08-03 | 9.8 Critical |
| The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. | ||||
| CVE-2022-40305 | 1 Canto | 1 Canto | 2024-08-03 | 9.8 Critical |
| A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form. | ||||
| CVE-2022-40312 | 1 Givewp | 1 Givewp | 2024-08-03 | 5.5 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1. | ||||