ReportizFlow
Filtered by vendor
Subscriptions
Total
2504 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43698 | 1 Open-xchange | 1 Ox App Suite | 2025-02-07 | 4.3 Medium |
| OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. | ||||
| CVE-2018-17452 | 1 Gitlab | 1 Gitlab | 2025-02-07 | 9.8 Critical |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb. | ||||
| CVE-2018-17450 | 1 Gitlab | 1 Gitlab | 2025-02-07 | 4.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token. | ||||
| CVE-2022-43699 | 1 Open-xchange | 1 Ox App Suite | 2025-02-06 | 4.3 Medium |
| OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address). | ||||
| CVE-2024-27898 | 1 Sap | 1 Netweaver | 2025-02-06 | 5.3 Medium |
| SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality. | ||||
| CVE-2023-2140 | 1 3ds | 1 Delmia Apriso | 2025-02-04 | 7.5 High |
| A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application. | ||||
| CVE-2022-48477 | 1 Jetbrains | 1 Hub | 2025-02-04 | 4.1 Medium |
| In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | ||||
| CVE-2023-26735 | 1 Prometheus | 1 Blackbox Exporter | 2025-02-04 | 7.5 High |
| blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured. | ||||
| CVE-2024-29173 | 1 Dell | 10 Apex Protection Storage, Data Domain Operating System, Dd3300 and 7 more | 2025-02-03 | 6.8 Medium |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client. | ||||
| CVE-2023-30444 | 1 Ibm | 1 Watson Machine Learning On Cloud Pak For Data | 2025-01-30 | 7.1 High |
| IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350. | ||||
| CVE-2022-27234 | 1 Intel | 1 Computer Vision Annotation Tool | 2025-01-27 | 4.3 Medium |
| Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2023-23169 | 1 Synapsoft | 1 Pdfocus | 2025-01-27 | 6.5 Medium |
| Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. | ||||
| CVE-2022-29840 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2025-01-25 | 5.1 Medium |
| Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202. | ||||
| CVE-2024-5917 | 1 Paloaltonetworks | 2 Cloud Ngfw, Pan-os | 2025-01-24 | 4.9 Medium |
| A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. | ||||
| CVE-2024-1884 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-01-24 | 6.5 Medium |
| This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. | ||||
| CVE-2023-31848 | 1 Davinci Project | 1 Davinci | 2025-01-23 | 8.8 High |
| davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). | ||||
| CVE-2024-3485 | 1 Microfocus | 1 Imanager | 2025-01-21 | 5.3 Medium |
| Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure. | ||||
| CVE-2024-3970 | 1 Microfocus | 1 Imanager | 2025-01-21 | 5.3 Medium |
| Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory traversal. | ||||
| CVE-2024-27565 | 2 Chatgpt-wechat-personal, Dirk1983 | 2 Weixin.php, Chatgpt-wechat-personal | 2025-01-21 | 9.8 Critical |
| A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests. | ||||
| CVE-2024-27563 | 1 Wondercms | 1 Wondercms | 2025-01-21 | 5.3 Medium |
| A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. | ||||