Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
server-side request forgery vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-27620
An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote malicious user to obtain sensitive information via a crafted request to the API.
668
VMScore
CVE-2021-33318
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP add...
Watsonwebserver Project Watsonwebserver
Ipmatcher Project Ipmatcher
668
VMScore
CVE-2017-14323
SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote malicious users to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.
Onethink Onethink 1.1
Onethink Onethink 1.0
668
VMScore
CVE-2020-24881
SSRF exists in osTicket prior to 1.14.3, where an attacker can add malicious file to server or perform port scanning.
Osticket Osticket
445
VMScore
CVE-2019-12632
A vulnerability in Cisco Finesse could allow an unauthenticated, remote malicious user to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-sup...
Cisco Finesse 11.6\\(1\\)
Cisco Finesse 12.5\\(1\\)
Cisco Finesse 12.0\\(1\\)
405
VMScore
CVE-2017-15639
tasks/feed/readRSS.cfm in Mura CMS prior to 6.2 allows malicious users to bypass intended access restrictions by leveraging the "draggable feeds" feature.
Getmura Mura Cms
1 EDB exploit
NA
CVE-2023-32750
Pydio Cells up to and including 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and sa...
Pydio Cells
NA
CVE-2022-36551
A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and previous versions allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these vers...
Heartex Label Studio
645
VMScore
CVE-2014-9301
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition prior to 5.0.a allows remote malicious users to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parame...
Alfresco Alfresco
1 EDB exploit
1 Github repository
505
VMScore
CVE-2014-9302
Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and previous versions allows remote malicious users to trigger outbound requests via a crafted URI in the url para...
Alfresco Community Edition
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »