CWE-918
2,678 CVEs • Abstraction: Base
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CVEs (2,678)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Vendors (1): Zohocorp; Products (1): Manageengine Servicedesk Plus Msp; Updated: May 30, 2025; Published: Jun 29, 2021; CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2). Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). |
In CRMEB 3.1.0+ strict domain name filtering leads to SSRF (Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php. |
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the req... |
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. |
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. |
Vendors (1): Ibm; Products (1): Security Identity Manager; Updated: Nov 21, 2024; Published: Jun 16, 2021; CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.0 MEDIUM (v2). IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data.... |
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands o... |
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even... |
Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). |
Vendors (1): Microsoft; Products (2): Sharepoint Foundation, Sharepoint Server; Updated: Nov 21, 2024; Published: Jun 8, 2021; CVSS: N/A (v4), 8.1 HIGH (v3), 5.5 MEDIUM (v2). Microsoft SharePoint Server Spoofing Vulnerability |
Vendors (2): Djangoproject, Fedoraproject; Products (2): Django, Fedora; Updated: Nov 21, 2024; Published: Jun 8, 2021; CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2). In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of... |
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacke... |
An issue was discovered in YzmCMS 5.8. There is an SSRF vulnerability in the background collection management that allows arbitrary file read. |
Vendors (1): Ibm; Products (9): Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization Engineering Insights, +6 more; Updated: Nov 21, 2024; Published: Jun 2, 2021; CVSS: N/A (v4), 5.4 MEDIUM (v3), 5.5 MEDIUM (v2). IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to networ... |
Vendors (1): Ibm; Products (9): Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization Engineering Insights, +6 more; Updated: Nov 21, 2024; Published: Jun 2, 2021; CVSS: N/A (v4), 5.4 MEDIUM (v3), 5.5 MEDIUM (v2). IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to networ... |
Vendors (1): Ibm; Products (9): Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization Engineering Insights, +6 more; Updated: Nov 21, 2024; Published: Jun 2, 2021; CVSS: N/A (v4), 5.4 MEDIUM (v3), 5.5 MEDIUM (v2). IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to networ... |
Vendors (1): Ibm; Products (9): Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization Engineering Insights, +6 more; Updated: Nov 21, 2024; Published: Jun 2, 2021; CVSS: N/A (v4), 5.4 MEDIUM (v3), 5.5 MEDIUM (v2). IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to networ... |
Vendors (1): Ibm; Products (9): Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization Engineering Insights, +6 more; Updated: Nov 21, 2024; Published: Jun 2, 2021; CVSS: N/A (v4), 5.4 MEDIUM (v3), 5.5 MEDIUM (v2). IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to networ... |
Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. |
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. |