Total
1861 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25187 | 1 Xiaocheng-keji | 1 71cms | 2025-06-10 | N/A | 8.6 HIGH |
| Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html. | |||||
| CVE-2024-22873 | 1 Tencent | 1 Blueking Configuration Management Database | 2025-06-09 | N/A | 8.1 HIGH |
| Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST request. | |||||
| CVE-2025-5510 | 1 Quequnlong | 1 Shiyi-blog | 2025-06-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-30976 | 2025-06-06 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in wpdive Nexa Blocks allows Server Side Request Forgery. This issue affects Nexa Blocks: from n/a through 1.1.0. | |||||
| CVE-2025-30997 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0. | |||||
| CVE-2025-29008 | 2025-06-06 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through 2.0.7. | |||||
| CVE-2024-6155 | 1 Greenshiftwp | 1 Greenshift - Animation And Page Builder Blocks | 2025-06-05 | N/A | 6.4 MEDIUM |
| The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application that can also be leveraged to download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata. The issue was partially patched in version 8.9.9 and fully patched in version 9.0.1. | |||||
| CVE-2023-35817 | 1 Devexpress | 1 Devexpress | 2025-06-05 | N/A | 5.0 MEDIUM |
| DevExpress before 23.1.3 allows AsyncDownloader SSRF. | |||||
| CVE-2025-29972 | 1 Microsoft | 1 Azure Storage Resource Provider | 2025-06-05 | N/A | 9.9 CRITICAL |
| Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2024-48907 | 1 Sematell | 1 Replyone | 2025-06-04 | N/A | 7.5 HIGH |
| Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API. | |||||
| CVE-2025-48962 | 2025-06-04 | N/A | 4.3 MEDIUM | ||
| Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938. | |||||
| CVE-2022-2912 | 1 Craw-data Project | 1 Craw-data | 2025-06-03 | N/A | 4.3 MEDIUM |
| The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites (SSRF). | |||||
| CVE-2023-49471 | 1 Barassistant | 1 Bar Assistant | 2025-06-03 | N/A | 8.8 HIGH |
| Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code. | |||||
| CVE-2023-51804 | 1 Rymcu | 1 Forest | 2025-06-03 | N/A | 7.5 HIGH |
| An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file. | |||||
| CVE-2021-31531 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). | |||||
| CVE-2020-15594 | 1 Zohocorp | 1 Manageengine Application Control Plus | 2025-05-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed. | |||||
| CVE-2019-6970 | 1 Moodle | 1 Moodle | 2025-05-30 | 6.0 MEDIUM | 7.5 HIGH |
| Moodle 3.5.x before 3.5.4 allows SSRF. | |||||
| CVE-2019-6516 | 1 Wso2 | 1 Dashboard Server | 2025-05-30 | 5.0 MEDIUM | 5.8 MEDIUM |
| An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF. | |||||
| CVE-2019-6512 | 1 Wso2 | 1 Api Manager | 2025-05-30 | 4.0 MEDIUM | 4.1 MEDIUM |
| An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper. | |||||
| CVE-2019-3905 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-05-30 | 7.5 HIGH | 10.0 CRITICAL |
| Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | |||||