Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ssrf vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-23718
The package ssrf-agent prior to 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.
Ssrf-agent Project Ssrf-agent
8.6
CVSSv3
CVE-2018-16793
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
Microsoft Exchange Server 2010
8.6
CVSSv3
CVE-2018-16794
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
Microsoft Active Directory Federation Services
3 Github repositories
4.3
CVSSv2
CVE-2015-5255
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x prior to 3.0.0.354175, 3.1.x prior to 3.1.0.354180, 4.5.x prior to 4.5.1.354177, 4.6.2.x prior to 4.6.2.354178, and 4.7.x prior to 4.7.0.354178, allows remote malicio...
Hp Xp P9000 Command View Advanced Edition -
Hp Xp7 Command View Advanced Edition -
Adobe Coldfusion
Adobe Livecycle Data Services 3.0
Adobe Livecycle Data Services 4.5
Adobe Livecycle Data Services 4.6
Adobe Livecycle Data Services 4.7
9.8
CVSSv3
CVE-2018-9919
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 up to and including 2.0.8, which allows remote malicious users to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-do...
Tp-shop Tp-shop
6.5
CVSSv2
CVE-2014-7959
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
Ait-pro Bulletproof Security .44
Ait-pro Bulletproof Security .44.1
Ait-pro Bulletproof Security .45
Ait-pro Bulletproof Security .45.1
Ait-pro Bulletproof Security .45.2
Ait-pro Bulletproof Security .45.3
Ait-pro Bulletproof Security .45.4
Ait-pro Bulletproof Security .45.5
Ait-pro Bulletproof Security .45.6
Ait-pro Bulletproof Security .45.7
Ait-pro Bulletproof Security .45.8
Ait-pro Bulletproof Security .45.9
4.3
CVSSv2
CVE-2014-7958
Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the dbhost parameter.
Ait-pro Bulletproof Security .44
Ait-pro Bulletproof Security .44.1
Ait-pro Bulletproof Security .45
Ait-pro Bulletproof Security .45.1
Ait-pro Bulletproof Security .45.2
Ait-pro Bulletproof Security .45.3
Ait-pro Bulletproof Security .45.4
Ait-pro Bulletproof Security .45.5
Ait-pro Bulletproof Security .45.6
Ait-pro Bulletproof Security .45.7
Ait-pro Bulletproof Security .45.8
Ait-pro Bulletproof Security .45.9
9.6
CVSSv3
CVE-2023-1895
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make we...
Motopress Getwid
4.3
CVSSv3
CVE-2023-1910
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers wit...
Jetmonsters Getwid – Gutenberg Blocks
Motopress Getwid
5
CVSSv2
CVE-2014-8749
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote malicious users to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.
Ait-pro Bulletproof Security
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
type confusion
unspecified
CVE-2025-24200
reflected XSS
panel
CVE-2024-12549
temporal technologies, inc.
CVE-2024-21971
CVE-2024-57777
CVE-2023-31122
CVE-2025-0909
winzip computing
unified secops platform
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »