Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-06-10 CVE-2024-36414 Server-Side Request Forgery (SSRF) vulnerability in Salesagility Suitecrm
SuiteCRM is an open-source Customer Relationship Management (CRM) software application.
network
low complexity
salesagility CWE-918
6.5
2024-06-06 CVE-2024-5186 Server-Side Request Forgery (SSRF) vulnerability in Zylon Privategpt 0.5.0
A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0.
network
low complexity
zylon CWE-918
8.6
2024-06-06 CVE-2024-4177 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Gravityzone
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery.
network
low complexity
bitdefender CWE-918
critical
9.8
2024-06-05 CVE-2024-20404 Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system.
network
low complexity
cisco CWE-918
5.3
2024-06-05 CVE-2024-5526 Server-Side Request Forgery (SSRF) vulnerability in Grafana Oncall
Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall versions from 1.1.37 before 1.5.2 are vulnerable to a Server-Side Request Forgery (SSRF) vulnerability in the webhook functionality.
network
low complexity
grafana CWE-918
critical
9.1
2024-06-04 CVE-2024-36675 Server-Side Request Forgery (SSRF) vulnerability in Lylme Spage 1.9.5
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.
network
low complexity
lylme CWE-918
critical
9.1
2024-06-04 CVE-2024-4219 Server-Side Request Forgery (SSRF) vulnerability in Beyondtrust Beyondinsight 23.1
Prior to 23.2, it is possible to perform arbitrary server-side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.
network
low complexity
beyondtrust CWE-918
critical
9.1
2024-05-22 CVE-2024-5031 Server-Side Request Forgery (SSRF) vulnerability in Caseproof Memberpress
The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode.
network
low complexity
caseproof CWE-918
6.4
2024-05-15 CVE-2024-3485 Server-Side Request Forgery (SSRF) vulnerability in Microfocus Imanager
A Server-Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-918
7.5
2024-05-15 CVE-2024-3970 Server-Side Request Forgery (SSRF) vulnerability in Microfocus Imanager
A Server-Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-918
7.5