Total: 1494 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-25760 | 1 Sucms Project | 1 Sucms | 2025-04-09 | 7.5 High |
A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request. | ||||
CVE-2024-44677 | 1 Eladmin | 1 Eladmin | 2025-04-08 | 9.8 Critical |
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. | ||||
CVE-2024-20332 | 1 Cisco | 1 Identity Services Engine | 2025-04-08 | 5.5 Medium |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. To successfully exploit this vulnerability, the attacker would need valid Super Admin credentials. | ||||
CVE-2025-32013 | 1 Lnbits | 1 Lnbits | 2025-04-08 | 7.5 High |
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request to that URL using the httpx library with redirect following enabled. The application doesn't properly validate the callback URL, allowing attackers to specify internal network addresses and access internal resources. | ||||
CVE-2025-3412 | | | 2025-04-08 | 6.3 Medium |
A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Affected is an unknown function of the file 2_training_platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-3411 | | | 2025-04-08 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308. This issue affects some unknown processing of the file 3_api_platform/api-platform/src/main/java/top/aias/platform/controller/AsrController.java. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-29090 | 1 Meowapps | 1 Ai Engine | 2025-04-08 | 6.8 Medium |
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4. | ||||
CVE-2022-25026 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2025-04-08 | 7.5 High |
A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy. | ||||
CVE-2025-25827 | 1 Emlog | 1 Emlog | 2025-04-07 | 6.8 Medium |
A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL. | ||||
CVE-2025-32358 | | | 2025-04-07 | 4 Medium |
In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This could be abused by an attacker to cause GET requests, for example, in the local network. | ||||
CVE-2025-28089 | 1 Maccms | 1 Maccms | 2025-04-07 | 9.1 Critical |
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function. | ||||
CVE-2025-3192 | | | 2025-04-07 | 8.2 High |
Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories. | ||||
CVE-2025-2243 | | | 2025-04-07 | N/A |
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1. | ||||
CVE-2025-2245 | | | 2025-04-07 | N/A |
A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems. | ||||
CVE-2025-28090 | 1 Maccms | 1 Maccms | 2025-04-07 | 9.1 Critical |
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature. | ||||
CVE-2025-3254 | | | 2025-04-07 | 6.3 Medium |
A vulnerability was found in xujiangfei admintwo 1.0. It has been classified as critical. Affected is an unknown function of the file /resource/add. The manipulation of the argument description leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-28091 | 1 Maccms | 1 Maccms | 2025-04-07 | 9.1 Critical |
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. | ||||
CVE-2025-28092 | 1 Shopxo | 1 Shopxo | 2025-04-07 | 6.3 Medium |
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function. | ||||
CVE-2025-28093 | 1 Shopxo | 1 Shopxo | 2025-04-07 | 6.3 Medium |
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. | ||||
CVE-2025-28094 | 1 Shopxo | 1 Shopxo | 2025-04-07 | 6.5 Medium |
ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places. |