Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVEs (2,678)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-22416 1Ibm 2Partner Engagement Manager Partner Engagement Manager On Cloud/saas Nov 21, 2024 Jul 19, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potenti...Show more IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126.Show less
CVE-2022-25801 1Bestpractical 1Request Tracker For Incident Response Nov 21, 2024 Jul 14, 2022 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.
CVE-2022-25800 1Bestpractical 1Request Tracker For Incident Response Nov 21, 2024 Jul 14, 2022 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool.
CVE-2022-22982 1Vmware 2Cloud Foundation Vcenter Server Nov 21, 2024 Jul 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Serv...Show more The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.Show less
CVE-2022-2339 1Nocodb 1Nocodb Aug 26, 2025 Jul 7, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.
CVE-2022-25876 1Link Preview Js Project 1Link Preview Js Nov 21, 2024 Jul 1, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebin...Show more The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.Show less
CVE-2022-26135 1Atlassian 4Jira Data Center Jira ServerJira Service Desk+1 more Nov 21, 2024 Jun 30, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch en...Show more A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.Show less
CVE-2022-0085 1Dompdf Project 1Dompdf Nov 21, 2024 Jun 28, 2022 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.
CVE-2017-20106 1Khoros 1Lithium Forum Nov 21, 2024 Jun 28, 2022 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url...Show more A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.Show less
CVE-2022-32995 1Halo 1Halo Nov 21, 2024 Jun 27, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
CVE-2022-2216 1Parse Url Project 1Parse Url Nov 21, 2024 Jun 27, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.
CVE-2022-1977 1Smackcoders 1Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv Nov 21, 2024 Jun 27, 2022 N/A· v4 7.2 HIGH· v3 6.0 MEDIUM· v2 The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege us...Show more The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacksShow less
CVE-2021-20544 1Ibm 1Jazz Team Server Nov 21, 2024 Jun 24, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading...Show more IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931.Show less
CVE-2021-20421 1Ibm 1Jazz Team Server Nov 21, 2024 Jun 24, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading...Show more IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.Show less
CVE-2022-34013 1Zhyd 1Oneblog Nov 21, 2024 Jun 23, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.
CVE-2022-34011 1Zhyd 1Oneblog Nov 21, 2024 Jun 23, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.
CVE-2022-23080 1Rangerstudio 1Directus Nov 21, 2024 Jun 22, 2022 N/A· v4 5.0 MEDIUM· v3 4.0 MEDIUM· v2 In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.
CVE-2021-36761 1Qlik 1Qlik Sense Nov 21, 2024 Jun 21, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF.
CVE-2022-23071 1Tandoor 1Recipes Nov 21, 2024 Jun 19, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read th...Show more In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information.Show less
CVE-2021-41403 1Flatcore 1Flatcore Cms Nov 21, 2024 Jun 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities.

Previous 1...101102103...134 Next