Vulnerabilities (CVE)

Filtered by CWE-918
Total 1165 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25777 2024-09-20 N/A 6.5 MEDIUM
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
CVE-2024-42352 1 Nuxt 1 Nuxt 2024-09-19 N/A 7.5 HIGH
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure. The `new URL` constructor is used to parse the final path. This constructor can be passed a relative scheme or path in order to change the host the request is sent to. This constructor is also very tolerant of poorly formatted URLs. As a result we can pass a path prefixed with the string `http:`. This has the effect of changing the scheme to HTTP. We can then subsequently pass a new host, for example `http:127.0.0.1:8080`. This would allow us to send requests to a local server. This issue has been addressed in release version 1.4.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2021-38132 1 Microfocus 1 Edirectory 2024-09-18 N/A 9.8 CRITICAL
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.
CVE-2024-37157 1 Discourse 1 Discourse 2024-09-18 N/A 5.3 MEDIUM
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available.
CVE-2024-8635 1 Gitlab 1 Gitlab 2024-09-14 N/A 6.5 MEDIUM
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL
CVE-2023-45966 1 Remark42 1 Remark42 2024-09-12 N/A 7.5 HIGH
umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.
CVE-2024-41737 1 Sap 1 Crm Abap Insights Management 2024-09-12 N/A 5.0 MEDIUM
SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
CVE-2024-22217 1 Terminalfour 1 Terminalfour 2024-09-11 N/A 6.5 MEDIUM
A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on.
CVE-2023-37230 2024-09-10 N/A 8.8 HIGH
Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.
CVE-2023-37229 2024-09-10 N/A 8.8 HIGH
Loftware Spectrum before 5.1 allows SSRF.
CVE-2023-46502 1 Opencrx 1 Opencrx 2024-09-09 N/A 9.8 CRITICAL
An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.
CVE-2024-44721 2024-09-09 N/A 9.8 CRITICAL
SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php.
CVE-2024-37171 1 Sap 2 Saptmui, Transportation Management 2024-09-09 N/A 5.0 MEDIUM
SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that service. The information obtained could be used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. There is no effect on integrity or availability of the application.
CVE-2024-34689 1 Sap 2 Business Workflow, Sap Basis 2024-09-09 N/A 5.0 MEDIUM
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
CVE-2024-40718 2024-09-09 N/A 8.8 HIGH
A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability.
CVE-2024-39713 1 Rocket.chat 1 Rocket.chat 2024-09-06 N/A 8.6 HIGH
A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.
CVE-2024-24759 1 Mindsdb 1 Mindsdb 2024-09-06 N/A 9.1 CRITICAL
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.
CVE-2024-45507 1 Apache 1 Ofbiz 2024-09-05 N/A 9.8 CRITICAL
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
CVE-2024-36448 1 Apache 1 Iotdb Workbench 2024-08-30 N/A 7.3 HIGH
** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-27565 2024-08-29 N/A 9.8 CRITICAL
A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests.