ReportizFlow
Filtered by vendor
Subscriptions
Total
1332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23776 | 1 Winmail Project | 1 Winmail | 2024-11-21 | 7.5 High |
| A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request. | ||||
| CVE-2020-23622 | 1 Cling Project | 1 Cling | 2024-11-21 | 7.5 High |
| An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header | ||||
| CVE-2020-23534 | 1 Masterlab | 1 Masterlab | 2024-11-21 | 9.8 Critical |
| A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter. | ||||
| CVE-2020-23079 | 1 Halo | 1 Halo | 2024-11-21 | 7.5 High |
| SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | ||||
| CVE-2020-22983 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | 8.1 High |
| A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. | ||||
| CVE-2020-22002 | 1 Inim | 12 Smartliving 10100l, Smartliving 10100l Firmware, Smartliving 10100lg3 and 9 more | 2024-11-21 | 7.5 High |
| An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. | ||||
| CVE-2020-21788 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 4.3 Medium |
| In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php. | ||||
| CVE-2020-21653 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.1 Critical |
| Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method. | ||||
| CVE-2020-21649 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 8.1 High |
| Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method. | ||||
| CVE-2020-21122 | 1 Ureport Project | 1 Ureport | 2024-11-21 | 5.3 Medium |
| UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. | ||||
| CVE-2020-20582 | 1 Mipcms | 1 Mipcms | 2024-11-21 | 7.5 High |
| A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information. | ||||
| CVE-2020-20341 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 7.5 High |
| YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. | ||||
| CVE-2020-1925 | 2 Apache, Redhat | 2 Olingo, Jboss Fuse | 2024-11-21 | 7.5 High |
| Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker. | ||||
| CVE-2020-19613 | 1 Flycms Project | 1 Flycms | 2024-11-21 | 7.5 High |
| Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. | ||||
| CVE-2020-17513 | 1 Apache | 1 Airflow | 2024-11-21 | 5.3 Medium |
| In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. | ||||
| CVE-2020-17386 | 1 Cellopoint | 1 Cellos | 2024-11-21 | 6.5 Medium |
| Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system. | ||||
| CVE-2020-16248 | 1 Prometheus | 1 Blackbox Exporter | 2024-11-21 | 5.8 Medium |
| Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability | ||||
| CVE-2020-16171 | 1 Acronis | 1 Cyber Backup | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572. | ||||
| CVE-2020-15879 | 1 Bitwarden | 1 Server | 2024-11-21 | 7.5 High |
| Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). | ||||
| CVE-2020-15823 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High |
| JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. | ||||