Total
1279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2339 | 1 Xgenecloud | 1 Nocodb | 2024-08-03 | 7.5 High |
| With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information. | ||||
| CVE-2022-2267 | 1 Mailchimp | 1 Mailchimp For Woocommerce | 2024-08-03 | 4.3 Medium |
| The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example | ||||
| CVE-2022-2216 | 1 Parse-url Project | 1 Parse-url | 2024-08-03 | 9.8 Critical |
| Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. | ||||
| CVE-2022-1977 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2024-08-03 | 7.2 High |
| The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks | ||||
| CVE-2022-1815 | 1 Diagrams | 1 Drawio | 2024-08-03 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. | ||||
| CVE-2022-1784 | 1 Diagrams | 1 Drawio | 2024-08-03 | 7.5 High |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. | ||||
| CVE-2022-1767 | 1 Diagrams | 1 Drawio | 2024-08-03 | 7.5 High |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. | ||||
| CVE-2022-1723 | 1 Diagrams | 1 Drawio | 2024-08-03 | 7.5 High |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. | ||||
| CVE-2022-1713 | 1 Diagrams | 1 Drawio | 2024-08-03 | 7.5 High |
| SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. | ||||
| CVE-2022-1711 | 1 Diagrams | 1 Drawio | 2024-08-03 | 7.5 High |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5. | ||||
| CVE-2022-1722 | 1 Diagrams | 1 Drawio | 2024-08-03 | 3.3 Low |
| SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses | ||||
| CVE-2022-1592 | 1 Clinical-genomics | 1 Scout | 2024-08-03 | 8.2 High |
| Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss... | ||||
| CVE-2022-1398 | 1 External Media Without Import Project | 1 External Media Without Import | 2024-08-03 | 6.5 Medium |
| The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks | ||||
| CVE-2022-1379 | 2 Fedoraproject, Plantuml | 2 Fedora, Plantuml | 2024-08-03 | 9.1 Critical |
| URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers. | ||||
| CVE-2022-1386 | 2 Fusion Builder Project, Theme-fusion | 2 Fusion Builder, Avada | 2024-08-03 | 9.8 Critical |
| The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures. | ||||
| CVE-2022-1285 | 1 Gogs | 1 Gogs | 2024-08-02 | 6.5 Medium |
| Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. | ||||
| CVE-2022-1191 | 1 Livehelperchat | 1 Live Helper Chat | 2024-08-02 | 8.1 High |
| SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. | ||||
| CVE-2022-1239 | 1 Hubspot | 1 Hubspot | 2024-08-02 | 8.8 High |
| The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks | ||||
| CVE-2022-1188 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 3.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible. | ||||
| CVE-2022-1213 | 1 Livehelperchat | 1 Live Helper Chat | 2024-08-02 | 8.1 High |
| SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191 | ||||