Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVEs (2,679)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-29446 1Openwebui 1Open Webui May 28, 2025 Apr 21, 2025 N/A· v4 3.3 LOW· v3 N/A· v2 open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.
CVE-2025-28197 1Kidocode 1Crawl4ai Jun 23, 2025 Apr 18, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.
CVE-2025-3787 1Pbootcms 1Pbootcms Apr 23, 2025 Apr 18, 2025 5.1 MEDIUM· v4 6.5 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image Handler. The manipulation leads to server-side request forgery. It is possible to...Show more A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-29461 1Appleple 1A Blogcms Aug 21, 2025 Apr 17, 2025 N/A· v4 7.6 HIGH· v3 N/A· v2 An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path.
CVE-2025-29460 1Mybb 1Mybb Apr 25, 2025 Apr 17, 2025 N/A· v4 7.6 HIGH· v3 N/A· v2 An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mi...Show more An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.Show less
CVE-2025-29459 1Mybb 1Mybb Jun 27, 2025 Apr 17, 2025 N/A· v4 7.6 HIGH· v3 N/A· v2 An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigati...Show more An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.Show less
CVE-2025-29458 1Mybb 1Mybb Apr 24, 2025 Apr 17, 2025 N/A· v4 7.6 HIGH· v3 N/A· v2 An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF...Show more An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.Show less
CVE-2025-29457 1Mybb 1Mybb Apr 24, 2025 Apr 17, 2025 N/A· v4 7.6 HIGH· v3 N/A· v2 An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSR...Show more An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.Show less
CVE-2025-29456 1Personal Management System 1Personal Management System Apr 22, 2025 Apr 17, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function.
CVE-2025-29453 1Personal Management System 1Personal Management System Apr 22, 2025 Apr 17, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component.
CVE-2025-29455 1Personal Management System 1Personal Management System Apr 22, 2025 Apr 17, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function.
CVE-2025-29454 1Personal Management System 1Personal Management System Apr 22, 2025 Apr 17, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function.
CVE-2025-29452 1Seopanel 1Seo Panel Apr 23, 2025 Apr 17, 2025 N/A· v4 7.6 HIGH· v3 N/A· v2 An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component.
CVE-2025-29451 1Seopanel 1Seo Panel Apr 23, 2025 Apr 17, 2025 N/A· v4 7.6 HIGH· v3 N/A· v2 An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component.
CVE-2025-29450 1Lm21 1Twonav Apr 23, 2025 Apr 17, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component.
CVE-2025-29449 1Lm21 1Twonav Apr 25, 2025 Apr 17, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function.
CVE-2024-56736 1Apache 1Hertzbeat Apr 23, 2025 Apr 16, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.
CVE-2025-3691 1Mirweiye 1Seven Bears Library Cms Apr 24, 2025 Apr 16, 2025 5.1 MEDIUM· v4 5.3 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request...Show more A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-32102 1Crushftp 1Crushftp Nov 3, 2025 Apr 15, 2025 N/A· v4 5.0 MEDIUM· v3 N/A· v2 CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI.
CVE-2025-30964 - - Apr 23, 2026 Apr 15, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Photography photography allows Server Side Request Forgery.This issue affects Photography: from n/a through < 7.7.6.

Previous 1...575859...134 Next