54 matches found
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the isSSRFSafeURL function. An attacker can access internal network resources and sensitive cloud metadata by submitting specially crafted URLs that use IPv4-mapped IPv6 notation, which bypasses the...
EUVD-2018-5347
Malware in sbrugna...
EUVD-2020-23995
Malware in sbrugna...
EUVD-2025-24167
Malicious code in bioql PyPI...
EUVD-2025-19328
Malicious code in bioql PyPI...
CVE-2025-37125 Broken access control vulnerability in Firewall Configuration Leads to Unauthorized Access to Internal Network Resources
A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly...
CVE-2025-25229
Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources...
PT-2025-32560 · Omnissa · Workspace One Uem
Name of the Vulnerable Software and Affected Versions: Omnissa Workspace ONE UEM (affected versions not specified). Description: Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) vulnerability. A malicious actor with user privileges may be able to access restricted internal syste...
CVE-2025-53018
Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery (SSRF) vulnerability exists in the /api/v2/Photo::fromUrl endpoint. This flaw lets an attacker instruct the application’s backend to make HTTP requests to any URL they choose...
CVE-2024-45206
A vulnerability has been identified in Veeam Service Provider Console that allows performing arbitrary HTTP requests to arbitrary hosts of the network and getting information about internal resources...
CVE-2020-36517
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration...
Server Side Request Forgery (SSRF)
Rembg is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs, allowing an attacker to request internal network resources via the /api/remove endpoint...
Palo Alto Networks PAN-OS 10.1.x < 10.1.7 / 10.2.x < 10.2.2 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.7 or 10.2.x prior to 10.2.2. It is, therefore, affected by a vulnerability. A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a...
CVE-2024-5917
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible...
CVE-2024-5917 PAN-OS: Server-Side Request Forgery in WildFire
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible...
CVE-2024-5917
CVE-2024-5917 describes a server-side request forgery in Palo Alto Networks PAN-OS. An authenticated administrator can use the web interface as a proxy to access internal network resources that should be inaccessible. The issue affects PAN-OS versions before certain fixed releases; remediation ad...
PAN-OS: Server-Side Request Forgery in WildFire
A server-side request forgery in PAN-OS software enables an authenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. Work around: Recommended mitigation—The vast majority of firewalls already...
Server-Side Request Forgery
next is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of the Host header within Server Actions. This allows an attacker to make unauthorized requests that appear to originate from the Next.js application server, allowing access to internal network...
Server side request forgery (ssrf)
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...