CWE-918
2,678 CVEs • Abstraction: Base
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CVEs (2,678)
| CVE (description) | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. | | | | | |
| On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WA... | F5 | Big Ip Advanced Web Application Firewall, Big Ip Application Security Manager | Nov 21, 2024 | Sep 14, 2021 | v4: N/A; v3: 8.8 HIGH; v2: 6.5 MEDIUM |
| BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSRF vulnerability. It allows unauthenticated attackers to request to any internal and external server. | Bab Technologie | Eibport Firmware | Nov 21, 2024 | Sep 9, 2021 | v4: N/A; v3: 7.5 HIGH; v2: 5.0 MEDIUM |
| Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation. | | | | | |
| eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. | | | | | |
| Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the discl... | | | | | |
| bookstack is vulnerable to Server-Side Request Forgery (SSRF) | | | | | |
| YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. | | | | | |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse t... | Adobe | Adobe Commerce, Magento Open Source | Nov 21, 2024 | Sep 1, 2021 | v4: N/A; v3: 6.6 MEDIUM; v2: 6.0 MEDIUM |
| The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a S... | Vmware | Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | Nov 21, 2024 | Aug 30, 2021 | v4: N/A; v3: 7.5 HIGH; v2: 5.0 MEDIUM |
| The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a S... | Vmware | Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | Nov 21, 2024 | Aug 30, 2021 | v4: N/A; v3: 7.5 HIGH; v2: 5.0 MEDIUM |
| An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources. | | | | | |
| Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocke... | | | | | |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by... | Debian, Fedoraproject, Netapp, +2 more | Business Activity Monitoring, Commerce Guided Search, Communications Billing And Revenue Management Elastic Charging Engine, +12 more | May 23, 2025 | Aug 23, 2021 | v4: N/A; v3: 8.5 HIGH; v2: 6.0 MEDIUM |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by... | Debian, Fedoraproject, Netapp, +2 more | Business Activity Monitoring, Commerce Guided Search, Communications Billing And Revenue Management Elastic Charging Engine, +12 more | May 23, 2025 | Aug 23, 2021 | v4: N/A; v3: 8.5 HIGH; v2: 6.0 MEDIUM |
| A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPor... | | | | | |
| SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address. | | | | | |
| Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding... | | | | | |
| Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. | Nagios | Nagios Xi Docker Wizard | Nov 21, 2024 | Aug 13, 2021 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH |
| A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker... | Fortinet | Fortianalyzer, Fortimanager | Nov 21, 2024 | Aug 5, 2021 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.0 MEDIUM |