Total
1619 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34021 | 2025-06-23 | N/A | ||
| A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration. | ||||
| CVE-2025-23172 | 2025-06-23 | 7.2 High | ||
| The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This can be leveraged to execute commands on behalf of the versa user, who has sudo privileges, potentially leading to privilege escalation or remote code execution. Exploitation Status: Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. Workarounds or Mitigation: There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions. | ||||
| CVE-2025-47293 | 2025-06-23 | N/A | ||
| PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity (XXE) attack and to a server-side request forgery (SSRF) attack. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive files on the system. The vulnerable class is com.powsybl.commons.xml.XmlReader which is considered to be untrusted in use cases where untrusted users can submit their XML to the vulnerable methods. This can be a multi-tenant application that hosts many different users perhaps with different privilege levels. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2. | ||||
| CVE-2025-49985 | 2025-06-23 | 4.9 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Ali Irani Auto Upload Images allows Server Side Request Forgery. This issue affects Auto Upload Images: from n/a through 3.3.2. | ||||
| CVE-2025-49983 | 2025-06-23 | 4.9 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Joe Hoyle WPThumb allows Server Side Request Forgery. This issue affects WPThumb: from n/a through 0.10. | ||||
| CVE-2025-49984 | 2025-06-23 | 4.9 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.11. | ||||
| CVE-2025-52713 | 2025-06-23 | 6.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Server Side Request Forgery. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8. | ||||
| CVE-2025-52967 | 2025-06-23 | 5.8 Medium | ||
| gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | ||||
| CVE-2025-28197 | 1 Kidocode | 1 Crawl4ai | 2025-06-23 | 9.1 Critical |
| Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py. | ||||
| CVE-2025-49190 | 2025-06-23 | 4.3 Medium | ||
| The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server internal requests to other ports. | ||||
| CVE-2024-22648 | 1 Seopanel | 1 Seo Panel | 2025-06-20 | 5.3 Medium |
| A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. | ||||
| CVE-2023-52331 | 1 Trendmicro | 1 Apex Central | 2025-06-20 | 7.1 High |
| A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-38627 | 1 Trendmicro | 1 Apex Central | 2025-06-20 | 5.4 Medium |
| A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38626. | ||||
| CVE-2023-38626 | 1 Trendmicro | 1 Apex Central | 2025-06-20 | 5.4 Medium |
| A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625. | ||||
| CVE-2023-38625 | 1 Trendmicro | 1 Apex Central | 2025-06-20 | 5.4 Medium |
| A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38624. | ||||
| CVE-2023-38624 | 1 Trendmicro | 1 Apex Central | 2025-06-20 | 5.4 Medium |
| A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625 through CVE-2023-38627. | ||||
| CVE-2024-37818 | 1 Strapi | 1 Strapi | 2025-06-20 | 8.6 High |
| Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request. NOTE: The Strapi Development Community argues that this issue is not valid. They contend that "the strapi/admin was wrongly attributed a flaw that only pertains to the strapi.io website, and which, at the end of the day, does not pose any real SSRF risk to applications that make use of the Strapi library." | ||||
| CVE-2025-30678 | 1 Trendmicro | 1 Apex Central | 2025-06-20 | 6.5 Medium |
| A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. | ||||
| CVE-2025-30679 | 1 Trendmicro | 1 Apex Central | 2025-06-20 | 6.5 Medium |
| A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. | ||||
| CVE-2025-30680 | 1 Trendmicro | 1 Apex Central | 2025-06-20 | 7.5 High |
| A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action. | ||||