Total
1195 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-3448 | 2024-04-10 | N/A | 5.0 MEDIUM | ||
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available. | |||||
CVE-2023-40148 | 2024-04-10 | N/A | 6.5 MEDIUM | ||
Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests. | |||||
CVE-2023-22936 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-04-10 | N/A | 6.3 MEDIUM |
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. | |||||
CVE-2024-27898 | 2024-04-09 | N/A | 5.3 MEDIUM | ||
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality. | |||||
CVE-2024-31288 | 2024-04-08 | N/A | 7.2 HIGH | ||
Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize.This issue affects RapidLoad Power-Up for Autoptimize: from n/a through 2.2.11. | |||||
CVE-2024-31215 | 2024-04-04 | N/A | 6.3 MEDIUM | ||
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When a malicious app is uploaded to Static analyzer, it is possible to make internal requests. This vulnerability has been patched in version 3.9.8. | |||||
CVE-2024-29007 | 2024-04-04 | N/A | N/A | ||
The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue. | |||||
CVE-2024-20332 | 2024-04-03 | N/A | 5.5 MEDIUM | ||
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. To successfully exploit this vulnerability, the attacker would need valid Super Admin credentials. | |||||
CVE-2024-30532 | 2024-04-02 | N/A | 4.9 MEDIUM | ||
Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Builderall Builder for WordPress.This issue affects Builderall Builder for WordPress: from n/a through 2.0.1. | |||||
CVE-2024-30531 | 2024-04-02 | N/A | 4.9 MEDIUM | ||
Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.This issue affects Nelio Content: from n/a through 3.2.0. | |||||
CVE-2024-24888 | 2024-04-02 | N/A | 6.4 MEDIUM | ||
Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.25. | |||||
CVE-2024-30453 | 2024-04-01 | N/A | 5.4 MEDIUM | ||
Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.6.5. | |||||
CVE-2024-27775 | 2024-03-28 | N/A | 7.2 HIGH | ||
SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash | |||||
CVE-2023-36679 | 2024-03-28 | N/A | 7.1 HIGH | ||
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6. | |||||
CVE-2024-23500 | 2024-03-28 | N/A | 7.7 HIGH | ||
Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.19. | |||||
CVE-2023-34370 | 2024-03-28 | N/A | 7.1 HIGH | ||
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4. | |||||
CVE-2023-39313 | 2024-03-28 | N/A | 7.7 HIGH | ||
Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. | |||||
CVE-2023-50374 | 2024-03-28 | N/A | 5.5 MEDIUM | ||
Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance.This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10. | |||||
CVE-2024-29190 | 2024-03-25 | N/A | 7.5 HIGH | ||
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue. | |||||
CVE-2024-27927 | 2024-03-21 | N/A | 6.5 MEDIUM | ||
RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker can send malicious requests to a RSSHub server, to make the server send HTTP GET requests to arbitrary destinations and see partial responses. This may lead to leak the server IP address, which could be hidden behind a CDN; retrieving information in the internal network, e.g. which addresses/ports are accessible, the titles and meta descriptions of HTML pages; and denial of service amplification. The attacker could request the server to download some large files, or chain several SSRF requests in a single attacker request. |