Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-06-10 CVE-2024-36414 Server-Side Request Forgery (SSRF) vulnerability in Salesagility Suitecrm
SuiteCRM is an open-source Customer Relationship Management (CRM) software application.
network
low complexity
salesagility CWE-918
6.5
2024-06-06 CVE-2024-4177 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Gravityzone
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery.
network
low complexity
bitdefender CWE-918
critical
9.8
2024-06-05 CVE-2024-20404 Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system.
network
low complexity
cisco CWE-918
5.3
2024-06-05 CVE-2024-5526 Server-Side Request Forgery (SSRF) vulnerability in Grafana Oncall
Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity.
network
low complexity
grafana CWE-918
critical
9.1
2024-06-05 CVE-2024-4084 Server-Side Request Forgery (SSRF) vulnerability in Mintplexlabs Anythingllm
A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols.
network
low complexity
mintplexlabs CWE-918
7.5
2024-06-04 CVE-2024-36675 Server-Side Request Forgery (SSRF) vulnerability in Lylme Spage 1.9.5
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.
network
low complexity
lylme CWE-918
critical
9.1
2024-06-04 CVE-2024-4219 Server-Side Request Forgery (SSRF) vulnerability in Beyondtrust Beyondinsight 23.1
Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.
network
low complexity
beyondtrust CWE-918
critical
9.1
2024-05-15 CVE-2024-4894 ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks.
network
low complexity
CWE-918
5.3
2024-02-12 CVE-2024-23761 Server-Side Request Forgery (SSRF) vulnerability in Gambio 4.9.2.0
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.
network
low complexity
gambio CWE-918
critical
9.8
2024-02-09 CVE-2024-24829 Server-Side Request Forgery (SSRF) vulnerability in Sentry
Sentry is an error tracking and performance monitoring platform.
network
low complexity
sentry CWE-918
5.3