25850 matches found
Gradio - Server-Side Request Forgery
A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...
Oracle Weblogic - Server-Side Request Forgery
An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services. id: CVE-2014-4210 info: name: Oracle Weblogic - Server-Side Request Forgery author:...
Atlassian Confluence < 5.8.6 - Server-Side Request Forgery
Confluence Server and Data Center before 5.8.6 contain a blind server-side request forgery caused by the WidgetConnector plugin, letting remote attackers manipulate internal network resources, exploit requires network access to the server. id: CVE-2021-26072 info: name: Atlassian Confluence 5.8.6...
WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery
WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...
WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery
WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can...
Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery
Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery. id: CVE-2019-18394 info: name: Ignite Realtime Openfire =4.4.3 to fix this vulnerability. reference: -...
Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery
WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery. id: CVE-2019-8982 info: name: Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request...
D-Link Central WifiManager - Server-Side Request Forgery
D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an...
GeoServer WPS - Server Side Request Forgery
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...
Apache OFBiz < 18.12.11 - Server Side Request Forgery
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes th...
Apache OFBiz < 18.12.11 - Remote Code Execution
The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery SSRF id: CVE-2023-51467 info: name: Apache OFBiz 18.12.11 - Remote Code Execution author: your3cho severity: critical description: | The vulnerability allows attackers to bypass...
GeoServer WFS - XXE Processing Vulnerability
GeoServer Web Feature Service WFS is vulnerable to an XML External Entity XXE processing attack due to improper handling of XML input. This vulnerability allows attackers to perform Out-of-Band OOB data exfiltration and Server-Side Request Forgery SSRF by exploiting the GeoTools library. id:...
SAP NetWeaver Development Infrastructure - Server Side Request Forgery
Server-Side Request Forgery SSRF vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...
playSMS <1.4.3 - Remote Code Execution
PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template. id: CVE-2020-8644 info: name: playSMS 1.4.3 - Remote Code Execution author: dbrwsky severity: critical description: PlaySMS before version 1.4.3 is susceptible to remote code...
CVE-2026-15525
A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...
EUVD-2026-43267
A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...
CVE-2026-15525 kLOsk adloop write.py _validate_urls server-side request forgery
A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...
CVE-2026-15525
CVE-2026-15525 affects the kLOsk adloop package up to version 0.9.0. The vulnerability is in the function _validate_urls in src/adloop/ads/write.py, where manipulating the argument final_url can trigger a server-side request forgery (SSRF). The issue can be exploited remotely and the exploit is p...
EUVD-2026-43249
A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...
CVE-2025-45869
CVE-2025-45869 affects LogicalDOC Enterprise up to and before v9.1.1. The vulnerability is a Server-Side Request Forgery (SSRF) in the ShareFileCallback servlet, exploitable by an unauthenticated attacker who can manipulate input parameters to trigger a server-side request to an attacker-controll...