Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-39338 Server-Side Request Forgery (SSRF) vulnerability in Axios 1.5.1
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
network
low complexity
axios CWE-918
7.5
2024-08-12 CVE-2024-41570 Server-Side Request Forgery (SSRF) vulnerability in Havocframework Havoc
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
network
low complexity
havocframework CWE-918
critical
9.8
2024-08-06 CVE-2024-38206 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Copilot Studio
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
network
low complexity
microsoft CWE-918
6.5
2024-08-05 CVE-2024-42352 Server-Side Request Forgery (SSRF) vulnerability in Nuxt
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js.
network
low complexity
nuxt CWE-918
7.5
2024-08-05 CVE-2024-39713 Server-Side Request Forgery (SSRF) vulnerability in Rocket.Chat
A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.
network
low complexity
rocket-chat CWE-918
8.6
2024-08-01 CVE-2024-38791 Server-Side Request Forgery (SSRF) vulnerability in Meowapps AI Engine
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allows Server Side Request Forgery.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.4.7.
network
low complexity
meowapps CWE-918
7.1
2024-08-01 CVE-2024-2090 Server-Side Request Forgery (SSRF) vulnerability in Doublesharp Remote Content Shortcode
The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode.
network
low complexity
doublesharp CWE-918
6.4
2024-08-01 CVE-2024-7330 Server-Side Request Forgery (SSRF) vulnerability in Youdiancms 7.0
A vulnerability has been found in YouDianCMS 7 and classified as critical.
network
low complexity
youdiancms CWE-918
6.3
2024-07-31 CVE-2024-6980 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Gravityzone
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.
network
low complexity
bitdefender CWE-918
critical
9.8
2024-07-30 CVE-2024-41305 Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.4.3
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
network
low complexity
wondercms CWE-918
4.7