Total: 1165 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-51740 | 1 Combodo | 1 Itop | 2024-11-08 | N/A | 8.8 HIGH | Combodo iTop is a simple, web-based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low-privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-47190 | | | 2024-11-08 | N/A | 2.7 LOW | Northern.tech Hosted Mender before 2024.07.11 allows SSRF.
CVE-2024-46947 | | | 2024-11-08 | N/A | 6.5 MEDIUM | Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.
CVE-2024-48951 | | | 2024-11-08 | N/A | 7.5 HIGH | An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token, leading to authentication bypass.
CVE-2024-24028 | | | 2024-11-07 | N/A | 5.9 MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo.
CVE-2024-51358 | | | 2024-11-07 | N/A | 9.8 CRITICAL | An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application.
CVE-2023-31456 | | | 2024-11-07 | N/A | 5.4 MEDIUM | There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitrary requests to internal and external resources by an authenticated user.
CVE-2024-33250 | | | 2024-11-07 | N/A | 7.2 HIGH | An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted request.
CVE-2024-51665 | 1 Wpthemespace | 1 Magical Addons For Elementor | 2024-11-06 | N/A | 4.3 MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows Server-Side Request Forgery. This issue affects Magical Addons For Elementor: from n/a through 1.2.1.
CVE-2024-51408 | 1 Appsmith | 1 Appsmith | 2024-11-06 | N/A | 6.5 MEDIUM | AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.
CVE-2024-48052 | | | 2024-11-06 | N/A | 6.5 MEDIUM | In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resources and sensitive information.
CVE-2024-39637 | | | 2024-11-04 | N/A | 5.4 MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in Pixelcurve Edubin edubin. This issue affects Edubin: from n/a through 9.2.0.
CVE-2024-48360 | | | 2024-11-01 | N/A | 7.5 HIGH | Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php.
CVE-2024-20332 | | | 2024-11-01 | N/A | 5.5 MEDIUM | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. To successfully exploit this vulnerability, the attacker would need valid Super Admin credentials.
CVE-2024-48346 | | | 2024-11-01 | N/A | 6.1 MEDIUM | xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems.
CVE-2024-51242 | | | 2024-11-01 | N/A | 6.5 MEDIUM | A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the HTTP body ip parameter leads to SSRF.
CVE-2024-45518 | 1 Zimbra | 1 Collaboration | 2024-10-30 | N/A | 8.8 HIGH | An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE).
CVE-2024-48232 | | | 2024-10-30 | N/A | 4.9 MEDIUM | An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec for execution and output, resulting in a Server-Side Request Forgery (SSRF) vulnerability that can read server files.
CVE-2024-48178 | | | 2024-10-30 | N/A | 8.1 HIGH | newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.
CVE-2024-48107 | | | 2024-10-30 | N/A | 6.5 MEDIUM | SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attackers to scan ports on the intranet or local network where the server resides, attack applications running on the intranet or local network, or read metadata on the cloud server.