7222 matches found
CVE-2025-25182 Stroom Authentication/Authorization Bypass when using AWS ALB
Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the...
CVE-2025-22399
Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery...
CVE-2024-52606
SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request...
Hackney security vulnerability
Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney that stems from incorrect parsing of URLs by the URI built-in module and hackney, making it susceptible to server-side request forgery (SSRF) attacks...
PT-2025-6373 · Tableau · Tableau Server
Name of the Vulnerable Software and Affected Versions: Tableau Server versions 2023.3 through 2023.3.5. Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability that allows Authentication Bypass. This means an attacker can potentially bypass authentication mechanisms, gaining...
CVE-2025-25194 Server-Side Request Forgery (SSRF) in activitypub_federation
Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. This vulnerability, which is present in versions 0.6.2 and prior of activitypub_federation and versions 0.19...
Lemmy code issue vulnerability
Lemmy is open source free software for building social news aggregators and web forums. A code issue vulnerability exists in Lemmy 0.19.8 and earlier versions, which stems from a dependency on activitypub_federation that does not properly handle Webfinger requests, leading to server-side...
The vulnerability of the CMSimple content management system’s link validation function allows attackers to perform SSRF attacks.
The vulnerability of the CMSimple content management system’s link validation function is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor to carry out an SSRF attack remotely...
CVE-2024-56471
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2024-5526
Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall versions from 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF)...
IBM Aspera Shares code issue vulnerability
IBM Aspera Shares is a web application from International Business Machines (IBM). A code issue vulnerability exists in IBM Aspera Shares that stems from the inclusion of a server-side request forgery vulnerability. It could allow an authenticated attacker to send unauthorized requests from the...
IBM Aspera Shares code issue vulnerability
IBM Aspera Shares is a web application from International Business Machines (IBM). IBM Aspera Shares suffers from a server-side request forgery vulnerability that stems from the server not implementing an adequate authentication mechanism to confirm the origin of a request, which could be exploited...
Zimbra Collaboration Suite security vulnerability
Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite. An attacker exploiting this vulnerability could perform a server-side request forgery...
WordPress plugin Traveler Layout Essential For Elementor code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
PT-2025-4635 · Elementor · Traveler Layout Essential For Elementor
Name of the Vulnerable Software and Affected Versions: Traveler Layout Essential For Elementor versions 1.0.8 and earlier. Description: The issue is related to a Server-Side Request Forgery (SSRF) problem. This is a type of security vulnerability where an attacker can trick a server into making...
Server-side Request Forgery (SSRF)
Overview: django-icon-picker is a custom Django model field that allows users to select icons from a predefined set. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the downloadandsavesvg function, which interpolates arbitrary URLs without filtering out...
UBUNTU-CVE-2023-6195
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image...
WordPress plugin Oshine Modules code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. A code issue vulnerability exists...
SUSE CVE-2024-52594
Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade shoul...
SUSE CVE-2024-52602
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrad...