10 matches found
CVE-2026-33226
Budibase is a low-code platform for creating internal tools, workflows, and admin panels. In versions 3.30.6 and prior, the REST datasource query preview endpoint (POST /api/queries/preview) makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An...
CVE-2025-14443 Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...
CVE-2025-34232
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/consolerelease/lexmark/dellCheck.php script that can be...
CVE-2023-48379
CVE-2023-48379 affects Softnext Mail SQR Expert. The vulnerability arises from inadequate filtering of a specific URL parameter within a specific function, enabling an unauthenticated remote attacker to perform a Blind SSRF and infer internal network topology from URL error responses. Reported ac...
Softnext Technologies Mail SQR Expert Code Issue Vulnerability
Softnext Technologies Mail SQR Expert is a comprehensive email content security management system from Softnext Technologies, China. A code issue vulnerability exists in Softnext Technologies Mail SQR Expert prior to v230330, which arises from insufficient filtering of specific URL parameters in...
CVE-2022-39055
The RAVA certificate validation system has inadequate filtering for the URL parameter. An unauthenticated remote attacker can perform an SSRF attack to discover internal network topology based on query response...
PT-2022-24700 · Unknown · Rava Certificate Validation System
Name of the Vulnerable Software and Affected Versions: RAVA certificate validation system (affected versions not specified)
Description: The RAVA certificate validation system has inadequate filtering for the URL parameter, allowing an unauthenticated remote attacker to perform a Server-Side Reques...
CarrierWave Code Issue Vulnerability
Mshibuya CarrierWave is an upload tool from the Mshibuya Personal Organization in the United States. It provides a simple and extremely flexible way to upload files from Ruby applications. A code issue vulnerability exists in CarrierWave versions prior to 1.3.2 and 2.1.1 that stems from a...
CVE-2020-24444
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...
Server-Side Request Forgery (SSRF)
ghost is vulnerable to server-side request forgery (SSRF). An attacker with the publisher role (editor, author, contributor, administrator) in a blog is able to exploit the vulnerability in the embed content module to make arbitrary GET requests in a on behalf of the server, allowing discovery of...