Total
1195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27311 | 1 Gibbon Project | 1 Gibbon | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. | |||||
| CVE-2022-27429 | 1 Jizhicms | 1 Jizhicms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. | |||||
| CVE-2022-23668 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manage that address this security vulnerability. | |||||
| CVE-2022-0425 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.5 MEDIUM | 7.6 HIGH |
| A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. | |||||
| CVE-2022-0085 | 1 Dompdf Project | 1 Dompdf | 2024-02-28 | 4.3 MEDIUM | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. | |||||
| CVE-2021-43954 | 1 Atlassian | 2 Crucible, Fisheye | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2022-26499 | 2 Debian, Digium | 2 Debian Linux, Asterisk | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2. | |||||
| CVE-2021-40822 | 1 Osgeo | 1 Geoserver | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | |||||
| CVE-2022-24980 | 1 Kitodo | 1 Kitodo.presentation | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to view the content of any file or webpage the webserver has access to. | |||||
| CVE-2022-25850 | 1 Proxyscotch Project | 1 Proxyscotch | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server. | |||||
| CVE-2020-22983 | 1 Microstrategy | 1 Microstrategy Web | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. | |||||
| CVE-2022-1713 | 1 Diagrams | 1 Drawio | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. | |||||
| CVE-2020-27375 | 1 Drtrustusa | 2 Icheck Connect Bp Monitor Bp Testing 118, Icheck Connect Bp Monitor Bp Testing 118 Firmware | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
| Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars. | |||||
| CVE-2022-22339 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 6.5 MEDIUM | 7.3 HIGH |
| IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736. | |||||
| CVE-2022-27469 | 1 Monstaftp | 1 Monsta Ftp | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). | |||||
| CVE-2022-27245 | 1 Misp | 1 Misp | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. | |||||
| CVE-2022-2216 | 1 Parse-url Project | 1 Parse-url | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. | |||||
| CVE-2022-0591 | 1 Subtlewebinc | 1 Formcraft3 | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users | |||||
| CVE-2022-31827 | 1 Monstaftp | 1 Monstaftp | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php. | |||||
| CVE-2022-1379 | 2 Fedoraproject, Plantuml | 2 Fedora, Plantuml | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers. | |||||