Total
1983 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5260 | 2025-08-20 | N/A | 8.6 HIGH | ||
| Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery.This issue affects Pik Online: before 3.1.5. | |||||
| CVE-2025-50234 | 1 Chshcms | 1 Mccms | 2025-08-18 | N/A | 6.5 MEDIUM |
| MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_auth($pic, 1) function, which utilizes a hard-coded key Mc_Encryption_Key (bD2voYwPpNuJ7B8), defined in the db.php file. The decrypted URL is passed to the geturl() method, which uses cURL to make a request to the URL without proper security checks. An attacker can craft a malicious encrypted pic parameter, which, when decrypted, points to internal addresses or local file paths (such as http://127.0.0.1 or file://). By using the file:// protocol, the attacker can access arbitrary files on the local file system (e.g., file:///etc/passwd, file:///C:/Windows/System32/drivers/etc/hosts), allowing them to read sensitive configuration files, log files, and more, leading to information leakage or system exposure. The danger of this SSRF vulnerability includes accessing internal services and local file systems through protocols like http://, ftp://, and file://, which can result in sensitive data leakage, remote code execution, privilege escalation, or full system compromise, severely affecting the system's security and stability. | |||||
| CVE-2025-55150 | 1 Stirlingpdf | 1 Stirling Pdf | 2025-08-15 | N/A | 8.6 HIGH |
| Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0. | |||||
| CVE-2025-55151 | 1 Stirlingpdf | 1 Stirling Pdf | 2025-08-15 | N/A | 8.6 HIGH |
| Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0. | |||||
| CVE-2025-55161 | 1 Stirlingpdf | 1 Stirling Pdf | 2025-08-15 | N/A | 8.6 HIGH |
| Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0. | |||||
| CVE-2025-53760 | 1 Microsoft | 1 Sharepoint Server | 2025-08-15 | N/A | 7.1 HIGH |
| Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-8013 | 2025-08-15 | N/A | 3.8 LOW | ||
| The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2025-53241 | 2025-08-15 | N/A | 5.5 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified allows Server Side Request Forgery. This issue affects Simplified: from n/a through 1.0.9. | |||||
| CVE-2025-8680 | 2025-08-15 | N/A | 4.3 MEDIUM | ||
| The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fs_api_request function. This makes it possible for authenticated attackers, with subscriber-level access and above to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. | |||||
| CVE-2025-45872 | 1 Zrlog | 1 Zrlog | 2025-08-14 | N/A | 9.8 CRITICAL |
| zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter. | |||||
| CVE-2024-49822 | 1 Ibm | 1 Qradar Advisor | 2025-08-14 | N/A | 4.1 MEDIUM |
| IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2025-53767 | 1 Microsoft | 1 Azure Openai | 2025-08-14 | N/A | 10.0 CRITICAL |
| Azure OpenAI Elevation of Privilege Vulnerability | |||||
| CVE-2025-28987 | 2025-08-14 | N/A | 6.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward allows Server Side Request Forgery. This issue affects PressForward: from n/a through 5.9.1. | |||||
| CVE-2025-50251 | 2025-08-13 | N/A | 9.1 CRITICAL | ||
| Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery. | |||||
| CVE-2025-2987 | 1 Ibm | 1 Maximo Asset Management | 2025-08-13 | N/A | 3.8 LOW |
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2025-46341 | 1 Freshrss | 1 Freshrss | 2025-08-12 | N/A | 7.1 HIGH |
| FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the `Remote-User` header or the `X-WebAuth-User` header by making specially crafted requests via the add feed functionality and obtaining the CSRF token via XPath scraping. The attacker has to know the IP address of the proxied FreshRSS instance and the admin's username, while also having an account on the instance. An attacker can send specially crafted requests in order to gain unauthorized access to internal services. This can also lead to privilege escalation like in the demonstrated scenario, although users that have setup OIDC are not affected by privilege escalation. Version 1.26.2 contains a patch for the issue. | |||||
| CVE-2025-25235 | 2025-08-12 | N/A | 8.6 HIGH | ||
| Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks. | |||||
| CVE-2025-25229 | 2025-08-12 | N/A | 5.4 MEDIUM | ||
| Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources. | |||||
| CVE-2025-2109 | 1 Wpcompress | 1 Wp Compress | 2025-08-11 | N/A | 5.8 MEDIUM |
| The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services. | |||||
| CVE-2025-1521 | 1 Posthog | 1 Posthog | 2025-08-07 | N/A | 6.5 MEDIUM |
| PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the slack_incoming_webhook parameter. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25352. | |||||