51 matches found
CVE-2022-31827
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php...
CVE-2022-31830
Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php...
EUVD-2020-18040
Malware in sbrugna...
EUVD-2020-13128
Malware in sbrugna...
EUVD-2019-6484
Malware in sbrugna...
EUVD-2024-38512
Malicious code in bioql PyPI...
EUVD-2021-30382
Malicious code in bioql PyPI...
EUVD-2023-32867
Malicious code in bioql PyPI...
EUVD-2025-5359
Malicious code in bioql PyPI...
EUVD-2025-17669
Malicious code in bioql PyPI...
CVE-2025-8267
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craf...
CVE-2025-36845
CVE-2025-36845 affects Eveo URVE Web Manager 27.02.2025. A server-side request forgery exists in /_internal/redirect.php due to improper validation of the URL input, enabling the app server to request internal endpoints and reflect content in the response. The Nuclei template confirms the SSRF pa...
CVE-2025-46385
CWE-918 Server-Side Request Forgery (SSRF)...
CVE-2024-9408
In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints...
CVE-2025-49545 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation...
CVE-2025-53473
CVE-2025-53473 is a server-side request forgery (SSRF) vulnerability reported in Nimesa Backup and Recovery. Public sources identify multiple affected branches and versions, including: - prior to v3.0.2025062305, - v2.3, and - v2.4, with the risk of unintended requests being sent to internal serv...
CVE-2025-7103 BoyunCMS curl Index.php server-side request forgery
A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The...
CVE-2025-49852
ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers...
CVE-2025-48962
Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938...