Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ssrf vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-37313
OX App Suite up to and including 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.10.5
Open-xchange Open-xchange Appsuite 7.10.6
NA
CVE-2024-27347
Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 prior to 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
NA
CVE-2024-28752
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF prior to 4.0.4, 3.6.3 and 3.5.8 allows an malicious user to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default datab...
8.2
CVSSv3
CVE-2020-11988
Apache XmlGraphics Commons 2.4 and previous versions is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbi...
Apache Xmlgraphics Commons
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7.5
CVSSv3
CVE-2017-3164
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
Apache Solr
1 Github repository
NA
CVE-2024-34365
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative o...
9.1
CVSSv3
CVE-2017-1000190
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.
Simplexml Project Simplexml 2.7.1
1 Github repository
7.5
CVSSv3
CVE-2023-50968
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.1...
Apache Ofbiz
6.5
CVSSv3
CVE-2017-3546
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network...
Oracle Peoplesoft Enterprise Peopletools 8.55
Oracle Peoplesoft Enterprise Peopletools 8.54
1 EDB exploit
5.4
CVSSv3
CVE-2020-8542
OX App Suite up to and including 7.10.3 allows XSS.
Open-xchange Open-xchange Appsuite 7.10.1
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »