Vulmon
server-side request forgery vulnerabilities and exploits
7.1
CVSSv3
CVE-2023-52331
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow a malicious user to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the targe...
Trendmicro Apex Central 2019
6.5
CVSSv3
CVE-2017-3546
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network...
Oracle Peoplesoft Enterprise Peopletools 8.55
Oracle Peoplesoft Enterprise Peopletools 8.54
1 EDB exploit
NA
CVE-2024-4561
In WhatsUp Gold versions released prior to 2023.1.2, a blind SSRF vulnerability exists in WhatsUp Gold's FaviconController that allows a malicious user to send arbitrary HTTP requests on behalf of the vulnerable server.
NA
CVE-2024-4562
In WhatsUp Gold versions released prior to 2023.1.2, an SSRF vulnerability exists in WhatsUp Gold's HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, which leads t...
8.8
CVSSv3
CVE-2022-22993
A limited SSRF vulnerability exists on Western Digital My Cloud devices that could allow a malicious user to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
Westerndigital My Cloud Os
8.8
CVSSv3
CVE-2018-1000600
An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and previous versions in GitHubTokenCredentialsCreator.java that allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, ...
Jenkins Github
5.3
CVSSv3
CVE-2019-1872
A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote malicious user to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on n...
Cisco Telepresence Video Communication Server
5.3
CVSSv3
CVE-2020-28976
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
5.3
CVSSv3
CVE-2020-28977
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
5.3
CVSSv3
CVE-2020-28978
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit