Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
server-side request forgery vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-1272
A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote malicious user to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to...
Cisco Data Center Network Manager
8.2
CVSSv3
CVE-2017-10246
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network acc...
Oracle Application Object Library 12.2.6
Oracle Application Object Library 12.2.3
Oracle Application Object Library 12.2.4
Oracle Application Object Library 12.2.5
Oracle Application Object Library 12.1.3
1 EDB exploit
6.1
CVSSv3
CVE-2017-9506
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote malicious users to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SS...
Atlassian Oauth 1.3.3
Atlassian Oauth 1.3.4
Atlassian Oauth 1.3.5
Atlassian Oauth 1.3.6
Atlassian Oauth 1.6.0
Atlassian Oauth 1.6.1
Atlassian Oauth 1.7.0
Atlassian Oauth 1.8.0
Atlassian Oauth 1.9.5
Atlassian Oauth 1.9.6
Atlassian Oauth 1.9.7
Atlassian Oauth 1.9.8
Atlassian Oauth 1.4.0
Atlassian Oauth 1.4.1
Atlassian Oauth 1.5.0
Atlassian Oauth 1.8.4
Atlassian Oauth 1.8.5
Atlassian Oauth 1.9.0
Atlassian Oauth 2.0.1
Atlassian Oauth 2.0.2
Atlassian Oauth 2.0.3
Atlassian Oauth 1.3.0
6 Github repositories
NA
CVE-2020-161712
Acronis Cyber Backup version 12.5 Build 16341 suffers from a server-side request forgery vulnerability.
NA
CVE-2020-161712020
Acronis Cyber Backup version 12.5 Build 16341 suffers from a server-side request forgery vulnerability.
5.3
CVSSv3
CVE-2019-15021
A security vulnerability exists in the Zingbox Inspector versions 1.294 and previous versions, that can allow an malicious user to easily identify instances of Zingbox Inspectors in a local area network.
Zingbox Inspector
5.5
CVSSv3
CVE-2023-22817
Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was ad...
Westerndigital My Cloud Pr2100 Firmware
Westerndigital My Cloud Pr4100 Firmware
Westerndigital My Cloud Ex4100 Firmware
Westerndigital My Cloud Ex2 Ultra Firmware
Westerndigital My Cloud Mirror G2 Firmware
Westerndigital My Cloud Dl2100 Firmware
Westerndigital My Cloud Dl4100 Firmware
Westerndigital My Cloud Ex2100 Firmware
Westerndigital My Cloud Glacier Firmware
Westerndigital Wd Cloud Firmware
Westerndigital My Cloud Home Firmware
Westerndigital My Cloud Home Duo Firmware
Westerndigital Sandisk Ibi Firmware
5.3
CVSSv3
CVE-2021-25241
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.
Trendmicro Apex One 2019
Trendmicro Worry-free Business Security 10.0
9.9
CVSSv3
CVE-2021-33690
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who h...
Sap Netweaver Development Infrastructure 7.11
Sap Netweaver Development Infrastructure 7.20
Sap Netweaver Development Infrastructure 7.30
Sap Netweaver Development Infrastructure 7.31
Sap Netweaver Development Infrastructure 7.40
Sap Netweaver Development Infrastructure 7.50
1 Github repository
9.8
CVSSv3
CVE-2021-24472
The OnAir2 WordPress theme prior to 3.9.9.2 and QT KenthaRadio WordPress plugin prior to 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would a...
Qantumthemes Kentharadio
Qantumthemes Onair2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »