Total
1441 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-28091 | 2025-03-31 | N/A | 9.1 CRITICAL | ||
| maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. | |||||
| CVE-2025-28089 | 2025-03-31 | N/A | 9.1 CRITICAL | ||
| maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function. | |||||
| CVE-2025-28093 | 2025-03-31 | N/A | 6.3 MEDIUM | ||
| ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. | |||||
| CVE-2025-28092 | 2025-03-31 | N/A | 6.3 MEDIUM | ||
| ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function. | |||||
| CVE-2025-28090 | 2025-03-31 | N/A | 9.1 CRITICAL | ||
| maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature. | |||||
| CVE-2025-31116 | 2025-03-31 | N/A | 4.4 MEDIUM | ||
| Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2. | |||||
| CVE-2025-31117 | 2025-03-31 | N/A | N/A | ||
| OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal resources. this attack does not return a direct response but can be exploited through DNS or HTTP interactions to exfiltrate sensitive information. This vulnerability is fixed in 7.0.3.1. | |||||
| CVE-2025-28094 | 2025-03-31 | N/A | 6.5 MEDIUM | ||
| shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places. | |||||
| CVE-2025-28096 | 2025-03-31 | N/A | 5.4 MEDIUM | ||
| OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers. | |||||
| CVE-2024-44677 | 1 Eladmin | 1 Eladmin | 2025-03-31 | N/A | 9.8 CRITICAL |
| eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. | |||||
| CVE-2025-2997 | 2025-03-31 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical. Affected is an unknown function of the file /res/url. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-31527 | 2025-03-31 | N/A | 6.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Kishan WP Link Preview allows Server Side Request Forgery. This issue affects WP Link Preview: from n/a through 1.4.1. | |||||
| CVE-2023-45705 | 1 Hcltech | 1 Bigfix Platform | 2025-03-28 | N/A | 3.5 LOW |
| An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options. | |||||
| CVE-2025-31076 | 2025-03-28 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in WP Compress WP Compress for MainWP allows Server Side Request Forgery. This issue affects WP Compress for MainWP: from n/a through 6.30.03. | |||||
| CVE-2024-44721 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL |
| SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php. | |||||
| CVE-2021-21973 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-03-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). | |||||
| CVE-2023-24495 | 1 Tenable | 1 Tenable.sc | 2025-03-27 | N/A | 6.5 MEDIUM |
| A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly. | |||||
| CVE-2024-48944 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin access to a kylin server; 2) Another internal host has the "/kylin/api/xxx/diag" api endpoint open for service. This issue affects Apache Kylin: from 5.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2, which fixes the issue. | |||||
| CVE-2025-2109 | 2025-03-27 | N/A | 5.8 MEDIUM | ||
| The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services. | |||||
| CVE-2024-10206 | 2025-03-27 | N/A | N/A | ||
| A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs. | |||||