Total
1636 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7569 | 1 Vbulletin | 1 Vbulletin | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. | |||||
| CVE-2017-16870 | 1 Updraftplus | 1 Updraftplus | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| ** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary. | |||||
| CVE-2016-7999 | 1 Spip | 1 Spip | 2025-04-20 | 4.3 MEDIUM | 7.4 HIGH |
| ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. | |||||
| CVE-2017-10973 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header. | |||||
| CVE-2017-0889 | 1 Thoughtbot | 1 Paperclip | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources. | |||||
| CVE-2017-9066 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | |||||
| CVE-2017-11149 | 1 Synology | 1 Download Station | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. | |||||
| CVE-2017-15886 | 1 Synology | 1 Chat | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | |||||
| CVE-2016-6001 | 1 Ibm | 1 Forms Experience Builder | 2025-04-20 | 3.5 LOW | 3.1 LOW |
| IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. | |||||
| CVE-2017-4928 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. | |||||
| CVE-2015-8813 | 1 Umbraco | 1 Umbraco | 2025-04-20 | 4.3 MEDIUM | 8.2 HIGH |
| The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter. | |||||
| CVE-2017-0906 | 1 Recurly | 1 Recurly Client Python | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources. | |||||
| CVE-2017-9355 | 1 Subsonic | 1 Subsonic | 2025-04-20 | 4.3 MEDIUM | 7.4 HIGH |
| XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file. | |||||
| CVE-2017-1000139 | 1 Mahara | 1 Mahara | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues. | |||||
| CVE-2015-7570 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | 6.4 MEDIUM | 7.2 HIGH |
| Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php. | |||||
| CVE-2017-7553 | 1 Redhat | 1 Mobile Application Platform | 2025-04-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints. | |||||
| CVE-2017-15943 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities. | |||||
| CVE-2017-12905 | 1 Vebto | 1 Pixie - Image Editor | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
| Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | |||||
| CVE-2017-9458 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2017-5518 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 4.3 MEDIUM | 7.4 HIGH |
| The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. | |||||