Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
server-side request forgery vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-16171
An issue exists in Acronis Cyber Backup prior to 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused ...
Acronis Cyber Backup
Acronis Cyber Backup 12.5
8.2
CVSSv3
CVE-2017-10246
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network acc...
Oracle Application Object Library 12.2.6
Oracle Application Object Library 12.2.3
Oracle Application Object Library 12.2.4
Oracle Application Object Library 12.2.5
Oracle Application Object Library 12.1.3
1 EDB exploit
5.4
CVSSv3
CVE-2023-38624
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an malicious user to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low...
Trendmicro Apex Central 2019
5.3
CVSSv3
CVE-2021-25236
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.
Trendmicro Officescan Xg
Trendmicro Worry-free Business Security 10.0
6.1
CVSSv3
CVE-2017-9506
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote malicious users to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SS...
Atlassian Oauth 1.3.3
Atlassian Oauth 1.3.4
Atlassian Oauth 1.3.5
Atlassian Oauth 1.3.6
Atlassian Oauth 1.6.0
Atlassian Oauth 1.6.1
Atlassian Oauth 1.7.0
Atlassian Oauth 1.8.0
Atlassian Oauth 1.9.5
Atlassian Oauth 1.9.6
Atlassian Oauth 1.9.7
Atlassian Oauth 1.9.8
Atlassian Oauth 1.4.0
Atlassian Oauth 1.4.1
Atlassian Oauth 1.5.0
Atlassian Oauth 1.8.4
Atlassian Oauth 1.8.5
Atlassian Oauth 1.9.0
Atlassian Oauth 2.0.1
Atlassian Oauth 2.0.2
Atlassian Oauth 2.0.3
Atlassian Oauth 1.3.0
6 Github repositories
7.5
CVSSv3
CVE-2023-46262
An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
Ivanti Avalanche
5.5
CVSSv3
CVE-2023-22817
Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was ad...
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
Westerndigital My Cloud Glacier Firmware
Westerndigital Wd Cloud Firmware
Westerndigital My Cloud Home Firmware
Westerndigital My Cloud Home Duo Firmware
Westerndigital Sandisk Ibi Firmware
4.8
CVSSv3
CVE-2020-15004
OX App Suite up to and including 7.10.3 allows stats/diagnostic?param= XSS.
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
5
CVSSv3
CVE-2020-15002
OX App Suite up to and including 7.10.3 allows SSRF via the the /ajax/messaging/message message API.
Open-xchange Open-xchange Appsuite
4.3
CVSSv3
CVE-2020-15003
OX App Suite up to and including 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »