Total
1195 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29309 | 1 Mysiteforme Project | 1 Mysiteforme | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | |||||
CVE-2022-24568 | 1 Xxyopen | 1 Novel-plus | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. | |||||
CVE-2022-0528 | 1 Transloadit | 1 Uppy | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1. | |||||
CVE-2022-0768 | 1 Alltubedownload | 1 Alltube | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2. | |||||
CVE-2022-1711 | 1 Diagrams | 1 Drawio | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5. | |||||
CVE-2022-0249 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked. | |||||
CVE-2022-1037 | 1 Villatheme | 1 Exmage | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
The EXMAGE WordPress plugin before 1.0.7 does not ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs. | |||||
CVE-2022-24449 | 1 Rt-solar | 1 Solar Appscreener | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document. | |||||
CVE-2022-1784 | 1 Diagrams | 1 Drawio | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. | |||||
CVE-2022-24969 | 1 Apache | 1 Dubbo | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Bypass of CVE-2021-25640: In Apache Dubbo prior to 2.6.12 and 2.7.15, use of the parseURL method leads to a bypass of the white host check, which can cause an open redirect or SSRF vulnerability. | |||||
CVE-2022-0767 | 1 Calibre-web Project | 1 Calibre-web | 2024-02-28 | 7.5 HIGH | 9.9 CRITICAL |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | |||||
CVE-2022-1398 | 1 External Media Without Import Project | 1 External Media Without Import | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does not ensure that media added via URLs are external media, which could allow any authenticated user, such as a subscriber, to perform blind SSRF attacks. | |||||
CVE-2022-29942 | 1 Talend | 1 Administration Center | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. | |||||
CVE-2022-1723 | 1 Diagrams | 1 Drawio | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. | |||||
CVE-2022-1285 | 1 Gogs | 1 Gogs | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. | |||||
CVE-2022-0939 | 1 Calibre-web Project | 1 Calibre-web | 2024-02-28 | 7.5 HIGH | 9.9 CRITICAL |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. | |||||
CVE-2022-24871 | 1 Shopware | 1 Shopware | 2024-02-28 | 5.5 MEDIUM | 5.5 MEDIUM |
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue. | |||||
CVE-2022-25260 | 1 Jetbrains | 1 Hub | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | |||||
CVE-2022-1815 | 1 Diagrams | 1 Drawio | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. | |||||
CVE-2022-0990 | 1 Calibre-web Project | 1 Calibre-web | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. |