9415 matches found
CVE-2026-57407
Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...
Umbraco <7.4.0- Server-Side Request Forgery
Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index. id: CVE-2015-8813 info: name: Umbraco 7.4.0- Server-Side Request...
Oracle Weblogic - Server-Side Request Forgery
An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services. id: CVE-2014-4210 info: name: Oracle Weblogic - Server-Side Request Forgery author:...
Gradio - Server Side Request Forgery
An SSRF Server-Side Request Forgery vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...
DedeCMS 5.7.109 - Server-Side Request Forgery
Manipulation of the rssurl parameter in codo.php leads to server-side request forgery in DedeCMS version 5.7.109. id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha severity: critical description: | Manipulation of the rssurl parameter in codo.php lea...
LiteLLM - Server-Side Request Forgery
LiteLLM vulnerable to Server-Side Request Forgery SSRF vulnerability Exposes OpenAI API Keys. id: CVE-2024-6587 info: name: LiteLLM - Server-Side Request Forgery author: pdresearch,iamnoooob,rootxharsh,lambdasawa severity: high description: | LiteLLM vulnerable to Server-Side Request Forgery SSRF...
WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery
WordPress Paytm Payment Gateway plugin through 2.7.0 contains a server-side request forgery vulnerability. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...
All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery
WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery SSRF via the 'dl' parameter found in the /public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the serve...
GeoServer WPS - Server Side Request Forgery
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...
Navigate CMS 2.9.4 - Server-Side Request Forgery
Navigate CMS 2.9.4 is susceptible to server-side request forgery via feedparser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data...
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Remote File Inclusion/Server-Side Request Forgery
Onair2 3.9.9.2 and KenthaRadio 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery. id: CVE-2021-24472 info...
Gogs <0.12.5 - Server-Side Request Forgery
Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-0870 info: name: Gogs 0.12.5 - Server-Sid...
Pascom CPS Server-Side Request Forgery
Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...
SAP NetWeaver Development Infrastructure - Server Side Request Forgery
Server-Side Request Forgery SSRF vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...
Imgproxy <= 3.14.0 - Server-side request forgery (SSRF)
imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter. id: CVE-2023-30019 info: name: Imgproxy = 3.14.0 - Server-side request forgery SSRF author: DhiyaneshDK severity: medium description: | imgproxy =3.14.0 is vulnerable to...
Elestio Memos <= v0.24.0 - Server-Side Request Forgery
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery SSRF due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. id: CVE-2025-22952 info: name: Elestio Memos = v0.24.0 - Server-Side Request Forgery author: iamnoooob,rootxharsh,pdresearc...
Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery
Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery. id: CVE-2019-18394 info: name: Ignite Realtime Openfire =4.4.3 to fix this vulnerability. reference: -...
Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)
Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter requesturi. This allows an attacker to execute a server-side request forgery SSRF attack. id: CVE-2020-10770 info: name: Keycloak = 12.0.1 - requesturi Blind Server-Side Request...
Apache OFBiz < 18.12.11 - Server Side Request Forgery
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes th...
Apache OFBiz < 18.12.11 - Remote Code Execution
The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery SSRF id: CVE-2023-51467 info: name: Apache OFBiz 18.12.11 - Remote Code Execution author: your3cho severity: critical description: | The vulnerability allows attackers to bypass...