Total: 1256 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-25262 | 1 Stimulsoft | 1 Designer | 2024-11-21 | N/A | 7.5 HIGH | Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). The Reporting Designer (Web) offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather than the client. Therefore, the server causes outbound traffic and potentially imports data. An attacker may also leverage this behaviour to exfiltrate data of machines on the internal network of the server hosting the Stimulsoft Reporting Designer (Web). |
| CVE-2023-25230 | 1 Loonflow Project | 1 Loonflow | 2024-11-21 | N/A | 4.9 MEDIUM | A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hook_url parameter. |
| CVE-2023-25195 | 1 Apache | 1 Fineract | 2024-11-21 | N/A | 8.1 HIGH | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to the server and may be able to use the server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3. |
| CVE-2023-25162 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 5.3 MEDIUM | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise Server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available. |
| CVE-2023-24954 | 1 Microsoft | 14 Sharepoint Enterprise Server, Sharepoint Server, Windows 10 1507 and 11 more | 2024-11-21 | N/A | 6.5 MEDIUM | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2023-24623 | 1 Paranoidhttp Project | 1 Paranoidhttp | 2024-11-21 | N/A | 7.5 HIGH | Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. |
| CVE-2023-24622 | 1 Includesecurity | 1 Safeurl-python | 2024-11-21 | N/A | 5.3 MEDIUM | isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. |
| CVE-2023-24515 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 5.2 MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in the API checker of Pandora FMS. The application does not check the URL scheme used while retrieving the API URL. Rather than validating the http/https scheme, the application allows other schemes such as file, which could allow a malicious user to fetch internal file content. This issue affects Pandora FMS v767 and prior versions on all platforms. |
| CVE-2023-24495 | 1 Tenable | 1 Tenable.sc | 2024-11-21 | N/A | 6.5 MEDIUM | A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session and user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly. |
| CVE-2023-24243 | 1 Cdata | 1 Arc | 2024-11-21 | N/A | 7.5 HIGH | CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). |
| CVE-2023-24060 | 1 Havenweb | 1 Haven | 2024-11-21 | N/A | 5.0 MEDIUM | Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage but does not have numbered releases; ordinary end users may typically use the master branch. |
| CVE-2023-23955 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2024-11-21 | N/A | 8.1 HIGH | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. |
| CVE-2023-23943 | 1 Nextcloud | 1 Mail | 2024-11-21 | N/A | 5.0 MEDIUM | Nextcloud Mail is an email app for the Nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed scanning for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Mail app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the Nextcloud Mail app. |
| CVE-2023-23560 | 1 Lexmark | 256 B2236, B2236 Firmware, B2338 and 253 more | 2024-11-21 | N/A | 9.8 CRITICAL | In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. |
| CVE-2023-23169 | 1 Synapsoft | 1 Pdfocus | 2024-11-21 | N/A | 6.5 MEDIUM | Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery (directory traversal). |
| CVE-2023-22936 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 6.3 MEDIUM | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the 'search_listener' parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. |
| CVE-2023-22817 | 1 Westerndigital | 26 My Cloud Dl2100, My Cloud Dl2100 Firmware, My Cloud Dl4100 and 23 more | 2024-11-21 | N/A | 5.5 MEDIUM | Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104. |
| CVE-2023-22493 | 1 Rsshub | 1 Rsshub | 2024-11-21 | N/A | 8.8 HIGH | RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gaining access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf. |
| CVE-2023-21761 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 7.5 HIGH | Microsoft Exchange Server Information Disclosure Vulnerability |
| CVE-2023-20062 | 1 Cisco | 4 Packaged Contact Center Enterprise, Unified Contact Center Enterprise, Unified Contact Center Express and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM | Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. |