246 matches found

RedhatCVE · added 2025/05/22 10:45 p.m. · 7 views

CVE-2022-29188

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

CVSS 6.5 · AI score 6.9 · EPSS 0.00793
Exploits: 0 · References: 1
RedhatCVE · added 2025/05/22 10:38 p.m. · 8 views

CVE-2022-28217

Some part of SAP NetWeaver EP Web Page Composer does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system's Availability by...

CVSS 6.5 · AI score 7 · EPSS 0.00688
Exploits: 0 · References: 1
RedhatCVE · added 2025/05/22 10:14 p.m. · 5 views

CVE-2022-1977

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks...

CVSS 7.2 · AI score 6.7 · EPSS 0.0126
Exploits: 2 · References: 1
RedhatCVE · added 2025/05/22 9:52 p.m. · 7 views

CVE-2022-47514

An XML external entity XXE injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery SSRF attacks, as demonstrated by a pingback.aspx POST request...

CVSS 8.8 · AI score 6.9 · EPSS 0.01239
Exploits: 1 · References: 1
RedhatCVE · added 2025/05/22 4:50 p.m. · 7 views

CVE-2020-7983

A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks...

CVSS 8.1 · AI score 7.2 · EPSS 0.0062
Exploits: 1 · References: 1
RedhatCVE · added 2025/05/22 4:23 p.m. · 14 views

CVE-2020-15352

An XML external entity XXE vulnerability in Pulse Connect Secure PCS before 9.1R9 and Pulse Policy Secure PPS before 9.1R9 allows remote authenticated admins to conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

CVSS 7.2 · AI score 6.5 · EPSS 0.03162
Exploits: 0
RedhatCVE · added 2025/05/22 3:56 p.m. · 4 views

CVE-2020-28735

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature only available to the Manager role...

CVSS 8.8 · AI score 6.8 · EPSS 0.01066
Exploits: 0
RedhatCVE · added 2025/05/22 7:08 a.m. · 11 views

CVE-2017-7569

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037...

CVSS 8.6 · AI score 7.1 · EPSS 0.11945
Exploits: 6 · References: 1
RedhatCVE · added 2025/05/22 1:55 a.m. · 9 views

CVE-2014-9304

Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web...

CVSS 7.5 · AI score 7.8 · EPSS 0.08109
Exploits: 1 · References: 1
OSV · added 2025/05/07 7:13 p.m. · 2 views

RLSA-2024:4756 Moderate: libuv security update

libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: Improper Domain Lookup that potentially leads to SSRF attacks CVE-2024-24806 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS 7.3 · AI score 7.7 · EPSS 0.02003
Exploits: 1 · References: 2
Rockylinux · added 2025/05/07 7:11 p.m. · 6 views

libuv security update

An update is available for libuv. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libuv is a multi-platform support library with a focus on asynchronous I/O...

CVSS 7.3 · AI score 7.6 · EPSS 0.02003
Exploits: 1
Tenable Nessus · added 2025/05/07 12:00 a.m. · 6 views

RockyLinux 9 : libuv (RLSA-2024:4756)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4756 advisory. libuv: Improper Domain Lookup that potentially leads to SSRF attacks CVE-2024-24806 Tenable has extracted the preceding description block directly from the...

CVSS 7.3 · AI score 6.9 · EPSS 0.02003
Exploits: 1 · References: 3
Tenable Nessus · added 2025/04/11 12:00 a.m. · 8 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-1373)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This...

CVSS 6.3 · AI score 6.6 · EPSS 0.0067
Exploits: 0 · References: 2
CVE · added 2025/03/10 6:24 p.m. · 52 views

CVE-2025-27136

CVE-2025-27136 concerns LocalS3, a local S3 mock service. Multiple connected sources confirm that before version 1.21, the bucket creation endpoint processes CreateBucketConfiguration with an XML parser that resolves external entities. An attacker can declare an external entity to reference an in...

CVSS 6.9 · AI score 7.2 · EPSS 0.00497
Exploits: 1 · References: 2
Tenable Nessus · added 2025/03/05 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-24806

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c and its Windows counterpart...

CVSS 7.3 · AI score 6.8 · EPSS 0.02003
Exploits: 1 · References: 2
CVE · added 2025/03/03 4:47 p.m. · 53 views

CVE-2025-25303

Summary: CVE-2025-25303 describes a Server-Side Request Forgery (SSRF) in the MouseTooltipTranslator Chrome extension. The issue stems from the pdf.mjs script, which uses the URL parameter from the current URL as the target file to download and display. Since pdf.mjs is imported by viewer.html an...

CVSS 6.9 · AI score 6.8 · EPSS 0.00452
Exploits: 0 · References: 3
Vulnrichment · added 2025/02/27 12:00 a.m. · 8 views

CVE-2025-22952

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery SSRF due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...

AI score 9.6 · EPSS 0.02818
Exploits: 1 · References: 4
Veracode · added 2025/01/28 4:20 a.m. · 4 views

Server-Side Request Forgery (SSRF)

Fedify is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of the Webfinger mechanism, allowing attackers to perform GET requests to internal resources, cause denial of service via infinite loops, or execute blind SSRF attacks...

CVSS 5.4 · AI score 7 · EPSS 0.00572
Exploits: 0 · References: 6 · Affected Software: 1
NVD · added 2025/01/21 10:15 p.m. · 14 views

CVE-2025-23195

An XML External Entity XXE vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can...

CVSS 7.5 · EPSS 0.00718
Exploits: 0 · References: 2
OSV · added 2025/01/21 10:15 p.m. · 5 views

CVE-2025-23195

An XML External Entity XXE vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can...

CVSS 7.5 · AI score 7
Exploits: 0 · References: 2