Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVEs (2,678)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-27217 - - Aug 22, 2025 Aug 21, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.
CVE-2025-1142 1Ibm 1Edge Application Manager Sep 3, 2025 Aug 20, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or...Show more IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.Show less
CVE-2025-54925 - - Aug 20, 2025 Aug 20, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.
CVE-2025-54924 - - Aug 20, 2025 Aug 20, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.
CVE-2025-5260 - - Jun 5, 2026 Aug 20, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery. This issue affects Pik Online: before 3.1.5.
CVE-2024-39954 1Apache 1Eventmesh Aug 21, 2025 Aug 20, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. User...Show more CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue.Show less
CVE-2025-54234 1Adobe 1Coldfusion Nov 6, 2025 Aug 18, 2025 N/A· v4 2.7 LOW· v3 N/A· v2 ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force t...Show more ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.Show less
CVE-2025-8675 1Ai Seo Link Advisor Project 1Ai Seo Link Advisor Aug 21, 2025 Aug 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6.
CVE-2025-8013 - - Aug 15, 2025 Aug 15, 2025 N/A· v4 3.8 LOW· v3 N/A· v2 The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticate...Show more The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.Show less
CVE-2025-8680 - - Aug 15, 2025 Aug 15, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fs_api_request function. This makes it possible for authentic...Show more The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fs_api_request function. This makes it possible for authenticated attackers, with subscriber-level access and above to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.Show less
CVE-2025-53241 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified simplified allows Server Side Request Forgery.This issue affects Simplified: from n/a through <= 1.0.11.
CVE-2025-28987 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 6.4 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery.This issue affects PressForward: from n/a through <= 5.9.5.
CVE-2025-50251 - - Aug 13, 2025 Aug 13, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.
CVE-2025-53760 1Microsoft 1Sharepoint Server Aug 15, 2025 Aug 12, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2025-7622 1Axis 2Camera Station Camera Station Pro Jan 13, 2026 Aug 12, 2025 5.1 MEDIUM· v4 5.7 MEDIUM· v3 N/A· v2 During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.
CVE-2025-55161 1Stirlingpdf 1Stirling Pdf Aug 15, 2025 Aug 11, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a...Show more Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.Show less
CVE-2025-55151 1Stirlingpdf 1Stirling Pdf Aug 15, 2025 Aug 11, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert too...Show more Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0.Show less
CVE-2025-55150 1Stirlingpdf 1Stirling Pdf Aug 15, 2025 Aug 11, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-p...Show more Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.Show less
CVE-2025-25235 - - Aug 12, 2025 Aug 11, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal ne...Show more Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.Show less
CVE-2025-25229 - - Aug 12, 2025 Aug 11, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration...Show more Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources.Show less

Previous 1...495051...134 Next