Lucene search
K

10766 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:16 p.m.5 views

CVE-2018-1000828

FrostWire version = frostwire-desktop-6.7.4-build-272 contains a XML External Entity XXE vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to...

9CVSS7AI score0.01333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:15 p.m.5 views

CVE-2018-1000837

UML Designer version = 8.0.0 contains a XML External Entity XXE vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file...

10CVSS7AI score0.01799EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:15 p.m.12 views

CVE-2018-1000820

neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity XXE vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c...

10CVSS7AI score0.01873EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:15 p.m.7 views

CVE-2018-1000833

ZoneMinder version = 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution...

9.8CVSS7.5AI score0.03232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.10 views

CVE-2021-27103

Accellion FTA 912411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA912416 and later...

9.8CVSS6.9AI score0.11406EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.7 views

CVE-2021-27329

Friendica 2021.01 allows SSRF via parseurl?binurl= for DNS lookups or HTTP requests to arbitrary domain names...

10CVSS7AI score0.01535EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.7 views

CVE-2021-33581

MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService...

7.2CVSS6.9AI score0.01234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.8 views

CVE-2021-33213

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...

6.5CVSS6.6AI score0.01304EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.6 views

CVE-2021-33510

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file...

4.3CVSS6.5AI score0.00992EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.8 views

CVE-2021-33511

Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...

7.5CVSS6.8AI score0.01195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.5 views

CVE-2021-28910

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSRF vulnerability. It allow unauthenticated attackers to request to any internal and external server...

7.5CVSS7.1AI score0.01166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.7 views

CVE-2021-31828

An SSRF issue in Open Distro for Elasticsearch ODFE before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope...

7.1CVSS6.8AI score0.00893EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.9 views

CVE-2021-31910

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible...

7.5CVSS6.5AI score0.01349EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.5 views

CVE-2021-22970

Concrete CMS formerly concrete5 versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb. SS...

7.5CVSS6.7AI score0.01438EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.4 views

CVE-2021-22969

Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...

5.3CVSS6.7AI score0.00831EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.5 views

CVE-2021-22054

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to...

7.5CVSS7.1AI score0.97713EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.21 views

CVE-2021-22056

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response...

7.5CVSS6.9AI score0.01558EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:10 a.m.6 views

CVE-2016-10927

The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php...

10CVSS7.1AI score0.01649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.7 views

CVE-2022-37033

In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no...

6.5CVSS6.7AI score0.00843EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.9 views

CVE-2022-31393

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via the Index function in app/admin/c/PluginsController.php...

9.1CVSS7.5AI score0.00977EPSS
Exploits1References1
Rows per page
Query Builder