Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-08-02 CVE-2021-24371 The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. 0.0
2021-08-02 CVE-2021-24472 The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website. 0.0
2021-07-28 CVE-2020-4974 Server-Side Request Forgery (SSRF) vulnerability in IBM products
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF).
network
low complexity
ibm CWE-918
6.5
2021-07-22 CVE-2021-26699 Server-Side Request Forgery (SSRF) vulnerability in multiple products
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.
5.8
2021-07-21 CVE-2021-22726 Server-Side Request Forgery (SSRF) vulnerability in Schneider-Electric products
A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to perform unintended actions or access to data when crafted malicious parameters are submitted to the charging station web server.
network
low complexity
schneider-electric CWE-918
5.5
2021-07-19 CVE-2021-31216 Server-Side Request Forgery (SSRF) vulnerability in Siren Investigate
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default).
network
low complexity
siren CWE-918
5.5
2021-07-15 CVE-2021-29749 Server-Side Request Forgery (SSRF) vulnerability in IBM products
IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.5
2021-07-14 CVE-2021-33213 Server-Side Request Forgery (SSRF) vulnerability in Element-It Http Commander 5.3.3
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address.
network
low complexity
element-it CWE-918
4.0
2021-07-12 CVE-2020-23079 Server-Side Request Forgery (SSRF) vulnerability in Halo
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet.
network
low complexity
halo CWE-918
5.0
2021-07-11 CVE-2021-29102 Server-Side Request Forgery (SSRF) vulnerability in Esri Arcgis Server 10.8.1
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks.
network
low complexity
esri CWE-918
6.4