Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
server-side request forgery vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-14728
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
Tecrail Responsive Filemanager 9.13.1
6.5
CVSSv3
CVE-2018-9920
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.
K2 Smartforms 4.6.11
6.5
CVSSv3
CVE-2022-36551
A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and previous versions allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these vers...
Heartex Label Studio
8.6
CVSSv3
CVE-2016-6483
The media-file upload feature in vBulletin prior to 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x prior to 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x prior to 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Leve...
Vbulletin Vbulletin 4.2.3
Vbulletin Vbulletin 3.8.8
Vbulletin Vbulletin 5.2.2
Vbulletin Vbulletin 4.2.2
Vbulletin Vbulletin 3.8.9
Vbulletin Vbulletin 3.8.7
Vbulletin Vbulletin 5.2.0
Vbulletin Vbulletin 5.2.1
1 EDB exploit
1 Article
6.5
CVSSv3
CVE-2020-25820
BigBlueButton prior to 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
Bigbluebutton Bigbluebutton
7.6
CVSSv3
CVE-2021-31950
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft Sharepoint Foundation 2013
Microsoft Sharepoint Server 2019
Microsoft Sharepoint Server 2016
5.3
CVSSv3
CVE-2020-24548
Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports.
Ericom Access Server 9.2.0
9.8
CVSSv3
CVE-2022-38580
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
Zalando Skipper
9.8
CVSSv3
CVE-2020-27197
TAXII libtaxii up to and including 1.1.117, as used in EclecticIQ OpenTAXII up to and including 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out tha...
Libtaxii Project Libtaxii
Eclecticiq Opentaxii
10
CVSSv3
CVE-2017-12905
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote malicious users to disclose information or execute arbitrary code via the url parameter to Launderer.php.
Vebto Pixie - Image Editor 1.4
Vebto Pixie - Image Editor 1.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »