Total
1561 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1285 | 1 Gogs | 1 Gogs | 2024-11-21 | 6.5 Medium |
| Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. | ||||
| CVE-2022-1239 | 1 Hubspot | 1 Hubspot | 2024-11-21 | 8.8 High |
| The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks | ||||
| CVE-2022-1213 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 8.1 High |
| SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191 | ||||
| CVE-2022-1191 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 8.1 High |
| SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. | ||||
| CVE-2022-1188 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible. | ||||
| CVE-2022-1037 | 1 Villatheme | 1 Exmage | 2024-11-21 | 7.2 High |
| The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs | ||||
| CVE-2022-0990 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. | ||||
| CVE-2022-0939 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.9 Critical |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. | ||||
| CVE-2022-0870 | 1 Gogs | 1 Gogs | 2024-11-21 | 5.3 Medium |
| Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. | ||||
| CVE-2022-0768 | 1 Alltubedownload | 1 Alltube | 2024-11-21 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2. | ||||
| CVE-2022-0767 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.9 Critical |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | ||||
| CVE-2022-0766 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.8 Critical |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | ||||
| CVE-2022-0671 | 1 Redhat | 1 Vscode-xml | 2024-11-21 | 9.1 Critical |
| A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file. | ||||
| CVE-2022-0591 | 1 Subtlewebinc | 1 Formcraft3 | 2024-11-21 | 9.1 Critical |
| The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users | ||||
| CVE-2022-0528 | 1 Transloadit | 1 Uppy | 2024-11-21 | 6.5 Medium |
| Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1. | ||||
| CVE-2022-0508 | 1 Framasoft | 1 Peertube | 2024-11-21 | 5.3 Medium |
| Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832 | ||||
| CVE-2022-0425 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. | ||||
| CVE-2022-0339 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.8 Critical |
| Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. | ||||
| CVE-2022-0249 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked. | ||||
| CVE-2022-0136 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. | ||||