CVE-2025-49335

Server-Side Request Forgery SSRF vulnerability in minnur External Media external-media allows Server Side Request Forgery.This issue affects External Media: from n/a through = 1.0.36...

CVE-2025-1211

Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery SSRF due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 which is correct, and hackney...

CVE-2022-27429

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via /admin.php/Plugins/update.html...

CVE-2022-27201

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVE-2022-27469

Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery SSRF...

CVE-2019-7923

A server-side request forgery SSRF vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code...

CVE-2019-7911

A server-side request forgery SSRF vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin pan...

CVE-2019-12994

Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL...

CVE-2019-12959

Server Side Request Forgery SSRF exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter...

CVE-2019-12443

An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery SSRF vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks...

CVE-2025-1799

A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. This affects the function previewAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument data leads to server-side request forgery. It is possible to initiate the attack...

CVE-2025-1447

A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Upgrading t...

CVE-2025-1043

The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the 'embeddoc' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2025-1848

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is an unknown function of the file /importdatacheck. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to...

CVE-2024-2057

A vulnerability was found in LangChain langchaincommunity 0.0.26. It has been classified as critical. Affected is the function loadlocal in the library libs/community/langchaincommunity/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It ...

CVE-2024-2828

A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. I...

CVE-2024-2343

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the formtourlaction function. This makes it possible for authenticated attackers, with contributor-level access and above, to...

CVE-2025-1912

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validatefile Function. This makes it possible for authenticated attackers, with Administrator-level...

CVE-2025-1970

The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validatefile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web request...

CVE-2025-1781

There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery SSRF. This could be exploited to read arbitrary local files if an attacker has access to exception messages...