Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
server-side request forgery vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-22027
The vRealize Operations Manager API (8.x before 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information discl...
Vmware Cloud Foundation
Vmware Vrealize Operations Manager 7.5.0
Vmware Vrealize Operations Manager
Vmware Vrealize Suite Lifecycle Manager
NA
CVE-2015-1764
The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote malicious users to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Excha...
Microsoft Exchange Server 2013
9.8
CVSSv3
CVE-2021-22986
On BIG-IP versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2.1, 14.1.x prior to 14.1.4, 13.1.x prior to 13.1.3.6, and 12.1.x prior to 12.1.5.3 amd BIG-IQ 7.1.0.x prior to 7.1.0.3 and 7.0.0.x prior to 7.0.0.2, the iControl REST interface has an unauthenticated remote comman...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Analytics
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Link Controller
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-iq Centralized Management
F5 Ssl Orchestrator
1 Metasploit module
23 Github repositories
2 Articles
NA
CVE-2023-40148
Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests.
9.8
CVSSv3
CVE-2022-0086
uppy is vulnerable to Server-Side Request Forgery (SSRF)
Transloadit Uppy
7.5
CVSSv3
CVE-2022-0132
peertube is vulnerable to Server-Side Request Forgery (SSRF)
Framasoft Peertube -
9.8
CVSSv3
CVE-2022-37938
Unauthenticated server side request forgery in HPE Serviceguard Manager
Hpe Serviceguard For Linux
6.5
CVSSv3
CVE-2021-3758
bookstack is vulnerable to Server-Side Request Forgery (SSRF)
Bookstackapp Bookstack
7.5
CVSSv3
CVE-2021-44139
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).
Hashicorp Sentinel 1.8.2
7.2
CVSSv3
CVE-2021-4075
snipe-it is vulnerable to Server-Side Request Forgery (SSRF)
Snipeitapp Snipe-it -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »