Total: 1167 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-32750 | 1 Pydio | 1 Cells | 2023-06-16 | N/A | 6.5 MEDIUM | Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send an HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.
CVE-2023-3188 | 1 Owncast Project | 1 Owncast | 2023-06-16 | N/A | 6.5 MEDIUM | Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.
CVE-2023-34959 | 1 Chamilo | 1 Chamilo Lms | 2023-06-15 | N/A | 5.3 MEDIUM | An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
CVE-2023-28824 | 1 Contec | 1 Conprosys Hmi System | 2023-06-08 | N/A | 4.9 MEDIUM | Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page and connect to a database the user did not intend.
CVE-2022-1977 | 1 Smackcoders | 1 Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv | 2023-06-07 | 6.0 MEDIUM | 7.2 HIGH | The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via a URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks.
CVE-2023-23955 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2023-06-06 | N/A | 8.1 HIGH | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability.
CVE-2023-33184 | 1 Nextcloud | 1 Nextcloud Mail | 2023-06-02 | N/A | 5.3 MEDIUM | Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed sending GET requests to services running in the same web server. It is recommended that the Mail app be updated to version 3.02, 2.2.5 or 1.15.3.
CVE-2023-32348 | 1 Teltonika | 1 Remote Management System | 2023-06-01 | N/A | 5.8 MEDIUM | Teltonika's Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN.
CVE-2022-36376 | 1 Rankmath | 1 Seo | 2023-05-26 | N/A | 9.8 CRITICAL | Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.
CVE-2023-31848 | 1 Davinci Project | 1 Davinci | 2023-05-25 | N/A | 8.8 HIGH | davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).
CVE-2023-23169 | 1 Synapsoft | 1 Pdfocus | 2023-05-23 | N/A | 6.5 MEDIUM | Synapsoft pdfocus 1.17 is vulnerable to local file inclusion, server-side request forgery, and directory traversal.
CVE-2022-29840 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2023-05-22 | N/A | 5.5 MEDIUM | Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server. This issue affects My Cloud OS 5 devices before 5.26.202.
CVE-2023-30019 | 1 Evilmartians | 1 Imgproxy | 2023-05-16 | N/A | 5.3 MEDIUM | imgproxy <= 3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.
CVE-2022-43698 | 1 Open-xchange | 1 Ox App Suite | 2023-05-15 | N/A | 4.3 MEDIUM | OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list.
CVE-2023-2140 | 1 3ds | 1 Delmia Apriso | 2023-05-09 | N/A | 7.5 HIGH | A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
CVE-2023-30444 | 1 Ibm | 1 Watson Machine Learning On Cloud Pak For Data | 2023-05-04 | N/A | 6.5 MEDIUM | IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350.
CVE-2022-48477 | 1 Jetbrains | 1 Hub | 2023-05-02 | N/A | 9.8 CRITICAL | In JetBrains Hub before 2023.1.15725, SSRF protection in the Auth Module integration was missing.
CVE-2023-25504 | 1 Apache | 1 Superset | 2023-04-27 | N/A | 6.5 MEDIUM | A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.
CVE-2018-15516 | 1 Dlink | 1 Central Wifimanager | 2023-04-26 | 3.5 LOW | 5.8 MEDIUM | The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
CVE-2018-15517 | 1 Dlink | 1 Central Wifimanager | 2023-04-26 | 5.0 MEDIUM | 8.6 HIGH | The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.