Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2023-03-16 CVE-2023-28155 Server-Side Request Forgery (SSRF) vulnerability in Request Project Request
** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).
network
low complexity
request-project CWE-918
6.1
2023-03-14 CVE-2023-27271 Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability.
network
low complexity
sap CWE-918
7.5
2023-03-14 CVE-2023-27896 Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence 420/430
In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.
network
low complexity
sap CWE-918
7.5
2023-03-14 CVE-2023-26459 Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Abap
Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.
network
low complexity
sap CWE-918
7.4
2023-03-10 CVE-2023-27161 Server-Side Request Forgery (SSRF) vulnerability in Jellyfin
Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories.
network
low complexity
jellyfin CWE-918
7.5
2023-03-07 CVE-2023-25230 Server-Side Request Forgery (SSRF) vulnerability in Loonflow Project Loonflow R2.0.14
loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF).
network
low complexity
loonflow-project CWE-918
4.9
2023-03-06 CVE-2021-36396 Server-Side Request Forgery (SSRF) vulnerability in Moodle
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
network
low complexity
moodle CWE-918
7.5
2023-03-03 CVE-2022-46973 Server-Side Request Forgery (SSRF) vulnerability in Anji-Plus Report 0.9.8.6
Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.
network
low complexity
anji-plus CWE-918
critical
9.8
2023-03-03 CVE-2023-26492 Server-Side Request Forgery (SSRF) vulnerability in Monospace Directus
Directus is a real-time API and App dashboard for managing SQL database content.
network
low complexity
monospace CWE-918
7.5
2023-03-03 CVE-2023-20062 Server-Side Request Forgery (SSRF) vulnerability in Cisco products
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system.
network
low complexity
cisco CWE-918
4.3