Total
1984 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-57767 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-10 | N/A | 8.6 HIGH |
| MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. | |||||
| CVE-2025-31009 | 2025-04-09 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side Request Forgery. This issue affects IndieBlocks: from n/a through 0.13.1. | |||||
| CVE-2025-32675 | 2025-04-09 | N/A | 6.8 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help allows Server Side Request Forgery. This issue affects SEO Help: from n/a through 6.6.0. | |||||
| CVE-2025-32487 | 2025-04-09 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark allows Server Side Request Forgery. This issue affects Waymark: from n/a through 1.5.2. | |||||
| CVE-2025-32691 | 2025-04-09 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.4. | |||||
| CVE-2022-3841 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2025-04-09 | N/A | 7.8 HIGH |
| RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users making requests. | |||||
| CVE-2025-25760 | 1 Sucms Project | 1 Sucms | 2025-04-09 | N/A | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request. | |||||
| CVE-2025-32013 | 1 Lnbits | 1 Lnbits | 2025-04-08 | N/A | 7.5 HIGH |
| LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request to that URL using the httpx library with redirect following enabled. The application doesn't properly validate the callback URL, allowing attackers to specify internal network addresses and access internal resources. | |||||
| CVE-2024-29090 | 1 Meowapps | 1 Ai Engine | 2025-04-08 | N/A | 6.8 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4. | |||||
| CVE-2022-25026 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2025-04-08 | N/A | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy. | |||||
| CVE-2025-25827 | 1 Emlog | 1 Emlog | 2025-04-07 | N/A | 6.8 MEDIUM |
| A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL. | |||||
| CVE-2025-28089 | 1 Maccms | 1 Maccms | 2025-04-07 | N/A | 9.1 CRITICAL |
| maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function. | |||||
| CVE-2025-3192 | 2025-04-07 | N/A | 8.2 HIGH | ||
| Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories. | |||||
| CVE-2025-28090 | 1 Maccms | 1 Maccms | 2025-04-07 | N/A | 9.1 CRITICAL |
| maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature. | |||||
| CVE-2025-28091 | 1 Maccms | 1 Maccms | 2025-04-07 | N/A | 9.1 CRITICAL |
| maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. | |||||
| CVE-2025-28092 | 1 Shopxo | 1 Shopxo | 2025-04-07 | N/A | 6.3 MEDIUM |
| ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function. | |||||
| CVE-2025-28093 | 1 Shopxo | 1 Shopxo | 2025-04-07 | N/A | 6.3 MEDIUM |
| ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. | |||||
| CVE-2025-28094 | 1 Shopxo | 1 Shopxo | 2025-04-07 | N/A | 6.5 MEDIUM |
| shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places. | |||||
| CVE-2025-28096 | 1 Onenav | 1 Onenav | 2025-04-07 | N/A | 5.4 MEDIUM |
| OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers. | |||||
| CVE-2022-45926 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 8.8 HIGH |
| An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports. | |||||