Total
1695 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0480 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-13 | 4.3 Medium |
| A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12840 | 2025-05-12 | 5.0 Medium | ||
| Red Hat Product Security has come to the conclusion that this CVE is not needed. The problem described was inteded behavior and therefore not a bug. | ||||
| CVE-2025-47548 | 1 Wbcomdesigns | 1 Activity Link Preview For Buddypress | 2025-05-12 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress allows Server Side Request Forgery. This issue affects Wbcom Designs - Activity Link Preview For BuddyPress: from n/a through 1.4.4. | ||||
| CVE-2025-47635 | 1 Webinarpress | 1 Webinarpress | 2025-05-12 | 5.5 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows Server Side Request Forgery. This issue affects WebinarPress: from n/a through 1.33.27. | ||||
| CVE-2025-4012 | 1 Playeduos | 1 Playedu | 2025-05-12 | 2.7 Low |
| A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-30420 | 1 Appleple | 1 A-blog Cms | 2025-05-12 | 4.4 Medium |
| Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may obtain arbitrary files on the server and information on the internal server that is not disclosed to the public. | ||||
| CVE-2022-3247 | 1 Adenion | 1 Blog2social | 2025-05-09 | 6.5 Medium |
| The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks | ||||
| CVE-2022-39055 | 1 Changingtec | 1 Rava Certificate Validation System | 2025-05-09 | 5.3 Medium |
| RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response. | ||||
| CVE-2023-7253 | 1 Importwp | 1 Import Wp | 2025-05-08 | 6.1 Medium |
| The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. | ||||
| CVE-2019-0227 | 2 Apache, Oracle | 37 Axis, Agile Engineering Data Management, Agile Product Lifecycle Management and 34 more | 2025-05-08 | 7.5 High |
| A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. | ||||
| CVE-2025-47484 | 2025-05-08 | 6.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Display Remote Posts Block allows Server Side Request Forgery. This issue affects Display Remote Posts Block: from n/a through 1.1.0. | ||||
| CVE-2025-47483 | 2025-05-08 | 4.9 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Iulia Cazan Easy Replace Image allows Server Side Request Forgery. This issue affects Easy Replace Image: from n/a through 3.5.0. | ||||
| CVE-2025-47464 | 2025-05-08 | 4.9 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.1. | ||||
| CVE-2025-47664 | 1 Thimpress | 1 Wp Pipes | 2025-05-08 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2. | ||||
| CVE-2024-48944 | 1 Apache | 1 Kylin | 2025-05-08 | 6.5 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin access to a kylin server; 2) Another internal host has the "/kylin/api/xxx/diag" api endpoint open for service. This issue affects Apache Kylin: from 5.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2, which fixes the issue. | ||||
| CVE-2020-17386 | 1 Cellopoint | 1 Cellos | 2025-05-08 | 6.5 Medium |
| Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system. | ||||
| CVE-2022-36451 | 1 Mitel | 1 Micollab | 2025-05-07 | 8.8 High |
| A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. | ||||
| CVE-2023-6853 | 1 Kodcloud | 1 Kodexplorer | 2025-05-07 | 6.3 Medium |
| A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability. | ||||
| CVE-2022-27622 | 1 Synology | 1 Diskstation Manager | 2025-05-07 | 4.1 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. | ||||
| CVE-2022-38580 | 1 Zalando | 1 Skipper | 2025-05-07 | 9.8 Critical |
| Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). | ||||