Total
1977 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24381 | 2026-01-26 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2. | |||||
| CVE-2026-24138 | 2026-01-26 | N/A | 7.5 HIGH | ||
| FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites and files on the machine running FOG. This appears to be reachable without an authenticated web session when the request includes newService=1. The issue does not have a fixed release version at the time of publication. | |||||
| CVE-2026-0807 | 2026-01-26 | N/A | 7.2 HIGH | ||
| The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'template_proxy' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application via the '/template-proxy/' and '/proxy-image/' endpoint. | |||||
| CVE-2025-24695 | 1 Hasthemes | 1 Extensions For Cf7 | 2026-01-23 | N/A | 4.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in HasThemes Extensions For CF7 allows Server Side Request Forgery. This issue affects Extensions For CF7: from n/a through 3.2.0. | |||||
| CVE-2021-47776 | 1 Umbraco | 1 Umbraco Cms | 2026-01-23 | N/A | 5.3 MEDIUM |
| Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts. | |||||
| CVE-2026-23768 | 1 Naver | 1 Lucy-xss-filter | 2026-01-23 | N/A | 6.1 MEDIUM |
| lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension. | |||||
| CVE-2026-0613 | 1 Thelibrarian | 1 The Librarian | 2026-01-23 | N/A | 7.5 HIGH |
| The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions. | |||||
| CVE-2025-15104 | 1 Validator | 1 Validator | 2026-01-23 | N/A | 5.3 MEDIUM |
| Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and 127.0.0.1, these controls can be bypassed using DNS rebinding techniques or domains that resolve to loopback addresses.This issue affects The Nu Html Checker (vnu): latest (commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd). | |||||
| CVE-2024-35637 | 1 Church Admin Project | 1 Church Admin | 2026-01-21 | N/A | 4.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through 4.3.6. | |||||
| CVE-2025-67647 | 1 Svelte | 2 Adapter-node, Kit | 2026-01-21 | N/A | 9.1 CRITICAL |
| SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 through 2.49.4, the vulnerability results in a DoS when your app has at least one prerendered route (export const prerender = true). From 2.19.0 through 2.49.4, the vulnerability results in a DoS when your app has at least one prerendered route and you are using adapter-node without a configured ORIGIN environment variable, and you are not using a reverse proxy that implements Host header validation. This vulnerability is fixed in 2.49.5. | |||||
| CVE-2025-69014 | 2026-01-20 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through <= 1.3.5. | |||||
| CVE-2025-68893 | 2026-01-20 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through 1.1.0. | |||||
| CVE-2025-68600 | 2026-01-20 | N/A | 9.1 CRITICAL | ||
| Server-Side Request Forgery (SSRF) vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery.This issue affects Link Library: from n/a through <= 7.8.4. | |||||
| CVE-2025-68500 | 2026-01-20 | N/A | 9.1 CRITICAL | ||
| Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10. | |||||
| CVE-2025-67989 | 2026-01-20 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery.This issue affects Kerge: from n/a through <= 4.1.3. | |||||
| CVE-2025-67623 | 2026-01-20 | N/A | 9.1 CRITICAL | ||
| Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery.This issue affects 6Storage Rentals: from n/a through <= 2.19.9. | |||||
| CVE-2025-63010 | 2026-01-20 | N/A | 4.8 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery.This issue affects Hercules Core : from n/a through <= 7.4. | |||||
| CVE-2025-62988 | 2026-01-20 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3. | |||||
| CVE-2025-62088 | 2026-01-20 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through 1.0.7. | |||||
| CVE-2025-59138 | 2026-01-20 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request Forgery.This issue affects Genemy: from n/a through 1.6.6. | |||||