server-side request forgery vulnerabilities and exploits
VMScore: 511
CVE-2019-9621
Zimbra Collaboration Suite prior to 8.6 patch 13, 8.7.x prior to 8.7.11 patch 10, and 8.8.x prior to 8.8.10 patch 7 or 8.8.x prior to 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Zimbra Collaboration Server
Zimbra Collaboration Server 8.6.0
Zimbra Collaboration Server 8.7.11
Zimbra Collaboration Server 8.8.10
Zimbra Collaboration Server 8.8.11
2 EDB exploits
2 Github repositories
VMScore: NA
CVE-2023-28288
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft Sharepoint Foundation 2013
Microsoft Sharepoint Server 2019
Microsoft Sharepoint Server 2013
Microsoft Sharepoint Server 2016
Microsoft Sharepoint Server -
1 EDB exploit
VMScore: 448
CVE-2021-21973
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leadi...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
10 Github repositories
1 Article
VMScore: 571
CVE-2020-16171
An issue exists in Acronis Cyber Backup prior to 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused ...
Acronis Cyber Backup
Acronis Cyber Backup 12.5
VMScore: 446
CVE-2020-6308
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated malicious user to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful...
Sap Businessobjects Business Intelligence Platform 4.3
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
3 Github repositories
VMScore: NA
CVE-2023-35175
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.
Hp Laserjet Pro Mfp M478-m479 W1a75a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a76a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a77a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a78a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a79a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a80a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a81a Firmware
Hp Laserjet Pro Mfp M478-m479 W1a82a Firmware
Hp Laserjet Pro M453-m454 W1y40a Firmware
Hp Laserjet Pro M453-m454 W1y41a Firmware
Hp Laserjet Pro M453-m454 W1y43a Firmware
Hp Laserjet Pro M453-m454 W1y44a Firmware
Hp Laserjet Pro M453-m454 W1y45a Firmware
Hp Laserjet Pro M453-m454 W1y46a Firmware
Hp Laserjet Pro M453-m454 W1y47a Firmware
Hp Laserjet Pro M304-m305 W1a46a Firmware
Hp Laserjet Pro M304-m305 W1a47a Firmware
Hp Laserjet Pro M304-m305 W1a48a Firmware
Hp Laserjet Pro M304-m305 W1a66a Firmware
Hp Laserjet Pro M404-m405 93m22a Firmware
Hp Laserjet Pro M404-m405 W1a51a Firmware
Hp Laserjet Pro M404-m405 W1a52a Firmware
VMScore: 446
CVE-2020-26258
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote malicious user to request data from internal resources tha...
Xstream Project Xstream
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
3 Github repositories
VMScore: NA
CVE-2023-48023
Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment
Anyscale Ray 2.8.0
Anyscale Ray 2.6.3
2 Articles
VMScore: 356
CVE-2019-18846
OX App Suite up to and including 7.10.2 allows SSRF.
Open-xchange Open-xchange Appsuite
VMScore: NA
CVE-2022-22982
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation