Total
1663 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10044 | 1 Lm-sys | 1 Fastchat | 2025-07-29 | N/A | 9.3 CRITICAL |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint. | |||||
| CVE-2024-2206 | 1 Gradio Project | 1 Gradio | 2025-07-29 | N/A | 6.5 MEDIUM |
| An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header in requests to the `/` and `/config` routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the `build_proxy_request` function. | |||||
| CVE-2024-11603 | 1 Lm-sys | 1 Fastchat | 2025-07-29 | N/A | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the `/queue/join?` endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal networks or the AWS metadata endpoint, potentially exposing sensitive data and compromising internal servers. | |||||
| CVE-2024-43204 | 1 Apache | 1 Http Server | 2025-07-29 | N/A | 7.5 HIGH |
| SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request. Users are recommended to upgrade to version 2.4.64 which fixes this issue. | |||||
| CVE-2024-43394 | 2 Apache, Microsoft | 2 Http Server, Windows | 2025-07-29 | N/A | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. The server offers limited protection against administrators directing the server to open UNC paths. Windows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication. | |||||
| CVE-2025-52453 | 2025-07-29 | N/A | 8.2 HIGH | ||
| Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | |||||
| CVE-2025-52454 | 2025-07-29 | N/A | 5.3 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | |||||
| CVE-2025-52455 | 2025-07-29 | N/A | 5.3 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | |||||
| CVE-2025-24485 | 2025-07-29 | N/A | 5.8 MEDIUM | ||
| A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2024-2049 | 1 Citrix | 24 Sd-wan 1000, Sd-wan 1000 Firmware, Sd-wan 110 and 21 more | 2025-07-25 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP. | |||||
| CVE-2025-8020 | 2025-07-25 | N/A | 8.2 HIGH | ||
| All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the package's source code. | |||||
| CVE-2025-5818 | 2025-07-25 | N/A | 5.5 MEDIUM | ||
| The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.4 via the fip_get_image_options() function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2025-8133 | 2025-07-25 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The identifier of the patch is 3ef58a50e8b3c427b03c8cf3c9e19a79aa809be6. It is recommended to upgrade the affected component. | |||||
| CVE-2025-45939 | 2025-07-25 | N/A | 6.5 MEDIUM | ||
| Apwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery (SSRF) via the test webhook function. | |||||
| CVE-2025-1220 | 1 Php | 1 Php | 2025-07-22 | N/A | 3.7 LOW |
| In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions. | |||||
| CVE-2025-20288 | 1 Cisco | 2 Unified Contact Center Express, Unified Intelligence Center | 2025-07-22 | N/A | 5.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. | |||||
| CVE-2025-52362 | 2025-07-22 | N/A | 9.1 CRITICAL | ||
| Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _proxurl parameter can be bypassed, allowing a remote, unauthenticated attacker to submit a specially crafted URL | |||||
| CVE-2025-7759 | 2025-07-22 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in thinkgem JeeSite up to 5.12.0. This affects an unknown part of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor Image Grabber. The manipulation of the argument Source leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 1c5e49b0818037452148e0f8ff69ed04cb8fefdc. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-7787 | 2025-07-22 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-46385 | 2025-07-22 | N/A | 8.6 HIGH | ||
| CWE-918 Server-Side Request Forgery (SSRF) | |||||