server-side request forgery vulnerabilities and exploits
357
VMScore
CVE-2022-28117
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote malicious users to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
Naviwebs Navigate Cms 2.9.4
2 Github repositories
NA
CVE-2022-36551
A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and previous versions allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these vers...
Heartex Label Studio
645
VMScore
CVE-2014-9301
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition prior to 5.0.a allows remote malicious users to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parame...
Alfresco Alfresco
1 EDB exploit
1 Github repository
505
VMScore
CVE-2016-6483
The media-file upload feature in vBulletin prior to 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x prior to 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x prior to 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Leve...
Vbulletin Vbulletin 4.2.3
Vbulletin Vbulletin 3.8.8
Vbulletin Vbulletin 5.2.2
Vbulletin Vbulletin 4.2.2
Vbulletin Vbulletin 3.8.9
Vbulletin Vbulletin 3.8.7
Vbulletin Vbulletin 5.2.0
Vbulletin Vbulletin 5.2.1
1 EDB exploit
1 Article
356
VMScore
CVE-2020-25820
BigBlueButton prior to 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
Bigbluebutton Bigbluebutton
668
VMScore
CVE-2020-27197
TAXII libtaxii up to and including 1.1.117, as used in EclecticIQ OpenTAXII up to and including 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out tha...
Libtaxii Project Libtaxii
Eclecticiq Opentaxii
668
VMScore
CVE-2017-12905
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote malicious users to disclose information or execute arbitrary code via the url parameter to Launderer.php.
Vebto Pixie - Image Editor 1.4
Vebto Pixie - Image Editor 1.7
490
VMScore
CVE-2021-31950
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft Sharepoint Foundation 2013
Microsoft Sharepoint Server 2019
Microsoft Sharepoint Server 2016
NA
CVE-2022-38580
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
Zalando Skipper
445
VMScore
CVE-2020-24548
Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports.
Ericom Access Server 9.2.0