Total
1552 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5122 | 1 Grafana | 1 Grafana | 2025-02-13 | N/A | 5.0 MEDIUM |
| Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. https://www.example.com/ https://www.example.com/` ), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in an SSRF vector. AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator | |||||
| CVE-2023-44313 | 1 Apache | 1 Servicecomb | 2025-02-13 | N/A | 7.6 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0(include). Users are recommended to upgrade to version 2.2.0, which fixes the issue. | |||||
| CVE-2023-25504 | 1 Apache | 1 Superset | 2025-02-13 | N/A | 4.9 MEDIUM |
| A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1. | |||||
| CVE-2022-44730 | 2 Apache, Debian | 2 Xml Graphics Batik, Debian Linux | 2025-02-13 | N/A | 4.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. | |||||
| CVE-2022-44729 | 2 Apache, Debian | 2 Xml Graphics Batik, Debian Linux | 2025-02-13 | N/A | 7.1 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. | |||||
| CVE-2022-3172 | 1 Kubernetes | 1 Apiserver | 2025-02-13 | N/A | 5.1 MEDIUM |
| A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties. | |||||
| CVE-2020-29445 | 1 Atlassian | 1 Confluence Server | 2025-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. | |||||
| CVE-2024-29035 | 1 Umbraco | 1 Umbraco Cms | 2025-02-12 | N/A | 4.1 MEDIUM |
| Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1. | |||||
| CVE-2025-21177 | 1 Microsoft | 1 Dynamics 365 Sales | 2025-02-11 | N/A | 8.7 HIGH |
| Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2024-49312 | 1 Edwiser | 1 Bridge | 2025-02-11 | N/A | 4.9 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.7. | |||||
| CVE-2025-22399 | 2025-02-11 | N/A | 7.9 HIGH | ||
| Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery | |||||
| CVE-2024-3047 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2025-02-11 | N/A | 7.2 HIGH |
| The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2025-25194 | 2025-02-10 | N/A | 4.0 MEDIUM | ||
| Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. This vulnerability, which is present in versions 0.6.2 and prior of activitypub_federation and versions 0.19.8 and prior of Lemmy, allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request to any Host, Port and URL using a Webfinger Request. As of time of publication, a fix has not been made available. | |||||
| CVE-2024-24888 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-02-07 | N/A | 6.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.25. | |||||
| CVE-2024-23500 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-02-07 | N/A | 7.7 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.19. | |||||
| CVE-2024-6980 | 1 Bitdefender | 1 Gravityzone | 2025-02-07 | N/A | 9.8 CRITICAL |
| A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise. | |||||
| CVE-2022-43698 | 1 Open-xchange | 1 Ox App Suite | 2025-02-06 | N/A | 4.3 MEDIUM |
| OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. | |||||
| CVE-2018-17452 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb. | |||||
| CVE-2018-17450 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token. | |||||
| CVE-2022-43699 | 1 Open-xchange | 1 Ox App Suite | 2025-02-06 | N/A | 4.3 MEDIUM |
| OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address). | |||||