9274 matches found
CVE-2025-53828
SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use...
CVE-2025-53828
CVE-2025-53828 describes a SSRF vulnerability in SharePoint for ownCloud prior to 0.4.1 (affecting ownCloud 10 prior to 10.15.3). An attacker with administrative privileges can trigger SSRF to execute arbitrary code on the system. The fixed version is SharePoint for ownCloud 0.4.1, delivered with...
CVE-2026-44936
CVE-2026-44936 describes an SSRF risk in SUSE Rancher Fleet’s bundle reader when the helmRepoURLRegex field is not set on a GitRepo. The vulnerability allows forwarding Helm authentication credentials (BasicAuth) to any URL specified in the fleet.yaml helm.repo field, potentially leaking admin cr...
CVE-2026-55994
The CVE concerns Apache Camel Iggy: an attacker publishing to the Iggy stream can inject Camel control headers into inbound messages because the consumer maps external user-headers into the Exchange header map without a HeaderFilterStrategy. This enables Server-Side Request Forgery (SSRF) by redi...
CVE-2026-46726
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...
Owncast - Server Side Request Forgery
Server-Side Request Forgery SSRF in GitHub repository owncast/owncast prior to 0.1.0. id: CVE-2023-3188 info: name: Owncast - Server Side Request Forgery author: DhiyaneshDk severity: medium description: | Server-Side Request Forgery SSRF in GitHub repository owncast/owncast prior to 0.1.0. impac...
GeoServer Demo Request Endpoint - Server Side Request Forgery
It is possible to achieve Server Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. An unauthenticated user can supply a request that will be issued by the server, allowing enumeration of internal networks and, in the case of cloud instances, access to...
Apache Solr <=8.8.1 - Server-Side Request Forgery
Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on anothe...
WordPress Canto 1.3.0 - Blind Server-Side Request Forgery
WordPress Canto plugin 1.3.0 is susceptible to blind server-side request forgery. An attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized administrative...
Gogs <0.12.5 - Server-Side Request Forgery
Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-0870 info: name: Gogs 0.12.5 - Server-Sid...
External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery
WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...
Ligeo Archives Ligeo Basics - Server Side Request Forgery
Ligeo Archives Ligeo Basics as of 0201-2022 is vulnerable to Server Side Request Forgery SSRF which allows an attacker to read any documents via the download features. id: CVE-2021-46107 info: name: Ligeo Archives Ligeo Basics - Server Side Request Forgery author: ritikchaddha severity: high...
Stirling-PDF < 1.1.0 - Server-Side Request Forgery
Stirling-PDF 1.1.0 contains a server side request forgery caused by bypassing the sanitizer in the /api/v1/convert/html/pdf endpoint when processing HTML to PDF conversion, letting attackers perform SSRF, exploit requires local access. id: CVE-2025-55150 info: name: Stirling-PDF 1.1.0 - Server-Si...
Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF)
imgproxy contains an issue caused by not blocking the 0.0.0.0 address even when IMGPROXYALLOWLOOPBACKSOURCEADDRESSES is set to false, letting local services be exposed, exploit requires network access. id: CVE-2025-24354 info: name: Imgproxy 3.27.2 - Server-Side Request Forgery SSRF author:...
DedeCMS 5.7.109 - Server-Side Request Forgery
Manipulation of the rssurl parameter in codo.php leads to server-side request forgery in DedeCMS version 5.7.109. id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha severity: critical description: | Manipulation of the rssurl parameter in codo.php lea...
Gradio - Open Redirect
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...
Memos 0.13.2 - Server-Side Request Forgery
SSRF vulnerabilities exist in the memos API service /o/get/httpmeta that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the...
WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery
The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery SSRF via the 'url' parameter in the getremotedata.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2024-4399 info: name: WordPre...
LobeHub LobeChat <= 2.1.56 - Server-Side Request Forgery
LobeHub LobeChat versions up to and including 2.1.56 are vulnerable to an unauthenticated server-side request forgery vulnerability in the /webapi/proxy endpoint. The endpoint accepts a URL in the POST request body and fetches it server-side without authentication. id: CVE-2026-54157 info: name:...
Rocket.Chat - Server-Side Request Forgery (SSRF)
A Server-Side Request Forgery SSRF affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. id: CVE-2024-39713 info: name: Rocket.Chat - Server-Side Request Forgery SSRF author: iamnoooob,rootxharsh,pdresearch severity: high description: | A Server-Side Request Forgery SSRF affects...