Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-11-30 CVE-2022-41412 An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
network
low complexity
CWE-918
8.6
8.6
2022-11-25 CVE-2022-45152 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle.
network
low complexity
moodle fedoraproject CWE-918
critical
 9.1
9.1
2022-11-22 CVE-2022-40842 Server-Side Request Forgery (SSRF) vulnerability in Ndk-Design Ndkadvancedcustomizationfields 3.5.0
ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php.
network
low complexity
ndk-design CWE-918
critical
 9.1
9.1
2022-11-21 CVE-2022-4096 Server-Side Request Forgery (SSRF) vulnerability in Appsmith
Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.
network
low complexity
appsmith CWE-918
6.5
6.5
2022-11-19 CVE-2022-41609 Server-Side Request Forgery (SSRF) vulnerability in Wordplus Better Messages
Auth.
network
low complexity
wordplus CWE-918
8.8
8.8
2022-11-17 CVE-2022-43183 Server-Side Request Forgery (SSRF) vulnerability in Xuxueli Xxl-Job
XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.
network
low complexity
xuxueli CWE-918
8.8
8.8
2022-11-17 CVE-2022-42894 Server-Side Request Forgery (SSRF) vulnerability in Siemens Syngo Dynamics Cardiovascular Imaging and Information System
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01).
network
low complexity
siemens CWE-918
7.5
7.5
2022-11-17 CVE-2022-43140 Server-Side Request Forgery (SSRF) vulnerability in Keking Kkfileview 4.1.0
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile.
network
low complexity
keking CWE-918
7.5
7.5
2022-11-16 CVE-2022-39383 Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Kubevela
KubeVela is an open source application delivery platform.
network
low complexity
linuxfoundation CWE-918
6.5
6.5
2022-11-11 CVE-2022-41906 Server-Side Request Forgery (SSRF) vulnerability in Amazon Opensearch Notifications
OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels.
network
low complexity
amazon CWE-918
8.7
8.7