Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-11-09 CVE-2024-10814 The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function.
network
low complexity
CWE-918
6.4
2024-11-05 CVE-2024-51740 Server-Side Request Forgery (SSRF) vulnerability in Combodo Itop
Combodo iTop is a simple, web based IT Service Management tool.
network
low complexity
combodo CWE-918
8.8
2024-11-04 CVE-2024-51408 Server-Side Request Forgery (SSRF) vulnerability in Appsmith
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.
network
low complexity
appsmith CWE-918
6.5
2024-11-04 CVE-2024-51665 Server-Side Request Forgery (SSRF) vulnerability in Wpthemespace Magical Addons for Elementor
Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through 1.2.1.
network
low complexity
wpthemespace CWE-918
4.3
2024-10-22 CVE-2024-45518 Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46.
network
low complexity
zimbra CWE-918
8.8
2024-10-16 CVE-2012-10018 The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively.
network
low complexity
CWE-918
8.3
2024-10-10 CVE-2024-47167 Server-Side Request Forgery (SSRF) vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping.
network
low complexity
gradio-project CWE-918
critical
9.8
2024-10-10 CVE-2024-45119 Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read.
network
low complexity
adobe CWE-918
6.4
2024-10-10 CVE-2024-8977 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2.
network
low complexity
gitlab CWE-918
8.1
2024-10-08 CVE-2024-47008 Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti CWE-918
7.5