Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-14 | CVE-2023-5122 | Server-Side Request Forgery (SSRF) vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 5.3 |
| 2024-02-14 | CVE-2024-23788 | Server-Side Request Forgery (SSRF) vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product. | 8.1 |
| 2024-02-12 | CVE-2024-23761 | Server-Side Request Forgery (SSRF) vulnerability in Gambio 4.9.2.0 Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. | 9.8 |
| 2024-02-12 | CVE-2023-6294 | Server-Side Request Forgery (SSRF) vulnerability in Sygnoos Popup Builder The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. | 7.2 |
| 2024-02-09 | CVE-2024-24829 | Server-Side Request Forgery (SSRF) vulnerability in Sentry Sentry is an error tracking and performance monitoring platform. | 5.3 |
| 2024-02-08 | CVE-2023-42282 | Server-Side Request Forgery (SSRF) vulnerability in Fedorindutny IP The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. | 9.8 |
| 2024-02-08 | CVE-2024-24113 | Server-Side Request Forgery (SSRF) vulnerability in Xuxueli Xxl-Job xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE. | 8.8 |
| 2024-02-07 | CVE-2024-0628 | Server-Side Request Forgery (SSRF) vulnerability in Wprssaggregator WP RSS Aggregator The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. | 3.8 |
| 2024-02-05 | CVE-2023-22817 | Server-Side Request Forgery (SSRF) vulnerability in Westerndigital products Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. | 5.5 |
| 2024-01-31 | CVE-2023-50165 | Server-Side Request Forgery (SSRF) vulnerability in Pega Platform Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents. | 8.6 |