| 2025-05-29 | CVE-2025-5327 | A vulnerability was found in chshcms mccms 2.7. | 6.3 |
| 2025-05-29 | CVE-2025-4967 | Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections. network low complexity CWE-918 critical | 9.1 |
| 2025-05-25 | CVE-2025-5140 | A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. | 6.3 |
| 2025-05-14 | CVE-2024-13940 | The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. | 5.5 |
| 2025-05-08 | CVE-2025-29972 | Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network. network low complexity CWE-918 critical | 9.9 |
| 2025-05-08 | CVE-2025-47733 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Power Apps
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network | 7.5 |
| 2025-05-07 | CVE-2025-47548 | Server-Side Request Forgery (SSRF) vulnerability in Wbcomdesigns Activity Link Preview for Buddypress
Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress allows Server Side Request Forgery. | 9.8 |
| 2025-05-07 | CVE-2025-47635 | Server-Side Request Forgery (SSRF) vulnerability in Webinarpress
Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows Server Side Request Forgery. | 9.8 |
| 2025-05-02 | CVE-2024-55910 | IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). | 6.5 |
| 2025-05-01 | CVE-2024-13845 | Server-Side Request Forgery (SSRF) vulnerability in Rocketgenius Gravity Forms Webhooks
The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 5.5 |