Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
server-side request forgery vulnerabilities and exploits
(subscribe to this query)
8.2
CVSSv3
CVE-2022-24129
The OIDC OP plugin prior to 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows malicious users to interact with arbitrary third-party HTTP services.
Shibboleth Oidc Op
8.1
CVSSv3
CVE-2023-28288
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft Sharepoint Foundation 2013
Microsoft Sharepoint Server 2019
Microsoft Sharepoint Server 2013
Microsoft Sharepoint Server 2016
Microsoft Sharepoint Server -
1 EDB exploit
5.3
CVSSv3
CVE-2021-21973
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leadi...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
10 Github repositories
1 Article
5.3
CVSSv3
CVE-2020-6308
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated malicious user to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
Sap Businessobjects Business Intelligence Platform 4.3
3 Github repositories
7.7
CVSSv3
CVE-2020-26258
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote malicious user to request data from internal resources tha...
Xstream Project Xstream
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
3 Github repositories
5
CVSSv3
CVE-2019-18846
OX App Suite up to and including 7.10.2 allows SSRF.
Open-xchange Open-xchange Appsuite
9.8
CVSSv3
CVE-2023-35175
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.
Hp Laserjet Pro Mfp M478-m479 W1a75a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a76a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a77a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a78a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a79a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a80a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a81a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a82a Firmware
Hp Laserjet Pro M453-m454 W1y40a Firmware
Hp Laserjet Pro M453-m454 W1y41a Firmware
Hp Laserjet Pro M453-m454 W1y43a Firmware
Hp Laserjet Pro M453-m454 W1y44a Firmware
Hp Laserjet Pro M453-m454 W1y45a Firmware
Hp Laserjet Pro M453-m454 W1y46a Firmware
Hp Laserjet Pro M453-m454 W1y47a Firmware
Hp Laserjet Pro M304-m305 W1a46a Firmware
Hp Laserjet Pro M304-m305 W1a47a Firmware
Hp Laserjet Pro M304-m305 W1a48a Firmware
Hp Laserjet Pro M304-m305 W1a66a Firmware
Hp Laserjet Pro M404-m405 93m22a Firmware
Hp Laserjet Pro M404-m405 W1a51a Firmware
Hp Laserjet Pro M404-m405 W1a52a Firmware
9.1
CVSSv3
CVE-2023-48023
Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment
Anyscale Ray 2.8.0
Anyscale Ray 2.6.3
2 Articles
7.5
CVSSv3
CVE-2022-22982
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
9.8
CVSSv3
CVE-2019-9827
Hawt Hawtio up to and including 2.5.0 is vulnerable to SSRF, allowing a remote malicious user to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.
Hawt Hawtio
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »