Total
1193 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8635 | 1 Gitlab | 1 Gitlab | 2024-09-14 | N/A | 6.5 MEDIUM |
| A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL | |||||
| CVE-2024-6587 | 2024-09-13 | N/A | 7.5 HIGH | ||
| A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified by `api_base`. This request includes the OpenAI API key. A malicious user can set the `api_base` to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key. | |||||
| CVE-2021-38132 | 2024-09-12 | N/A | 5.3 MEDIUM | ||
| Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | |||||
| CVE-2023-45966 | 1 Remark42 | 1 Remark42 | 2024-09-12 | N/A | 7.5 HIGH |
| umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2024-41737 | 1 Sap | 1 Crm Abap Insights Management | 2024-09-12 | N/A | 5.0 MEDIUM |
| SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application. | |||||
| CVE-2024-22217 | 1 Terminalfour | 1 Terminalfour | 2024-09-11 | N/A | 6.5 MEDIUM |
| A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on. | |||||
| CVE-2023-37230 | 2024-09-10 | N/A | 8.8 HIGH | ||
| Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF. | |||||
| CVE-2023-37229 | 2024-09-10 | N/A | 8.8 HIGH | ||
| Loftware Spectrum before 5.1 allows SSRF. | |||||
| CVE-2023-46502 | 1 Opencrx | 1 Opencrx | 2024-09-09 | N/A | 9.8 CRITICAL |
| An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. | |||||
| CVE-2024-44721 | 2024-09-09 | N/A | 9.8 CRITICAL | ||
| SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php. | |||||
| CVE-2024-37171 | 1 Sap | 2 Saptmui, Transportation Management | 2024-09-09 | N/A | 5.0 MEDIUM |
| SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that service. The information obtained could be used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. There is no effect on integrity or availability of the application. | |||||
| CVE-2024-34689 | 1 Sap | 2 Business Workflow, Sap Basis | 2024-09-09 | N/A | 5.0 MEDIUM |
| WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application. | |||||
| CVE-2024-40718 | 2024-09-09 | N/A | 8.8 HIGH | ||
| A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. | |||||
| CVE-2024-39713 | 1 Rocket.chat | 1 Rocket.chat | 2024-09-06 | N/A | 8.6 HIGH |
| A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. | |||||
| CVE-2024-24759 | 1 Mindsdb | 1 Mindsdb | 2024-09-06 | N/A | 9.1 CRITICAL |
| MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch. | |||||
| CVE-2024-45507 | 1 Apache | 1 Ofbiz | 2024-09-05 | N/A | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | |||||
| CVE-2024-36448 | 1 Apache | 1 Iotdb Workbench | 2024-08-30 | N/A | 7.3 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-27565 | 2024-08-29 | N/A | 9.8 CRITICAL | ||
| A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests. | |||||
| CVE-2024-27563 | 2024-08-29 | N/A | 6.5 MEDIUM | ||
| A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. | |||||
| CVE-2024-39598 | 1 Sap | 2 Customer Relationship Management S4fnd, Customer Relationship Management Webclient Ui | 2024-08-29 | N/A | 7.7 HIGH |
| SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application. | |||||