Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-19 | CVE-2023-46229 | Server-Side Request Forgery (SSRF) vulnerability in Langchain: LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. | 8.8 |
2023-10-17 | CVE-2023-45152 | Server-Side Request Forgery (SSRF) vulnerability in Engelsystem: Engelsystem is a shift planning system for chaos events. | 2.3 |
2023-10-09 | CVE-2023-39854 | Server-Side Request Forgery (SSRF) vulnerability in ATX Ucrypt 3.5: The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. | 6.5 |
2023-10-06 | CVE-2023-44384 | Server-Side Request Forgery (SSRF) vulnerability in Discourse Jira 20231001: Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. | 4.1 |
2023-10-02 | CVE-2023-3744 | Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.6.0: Server-Side Request Forgery vulnerability in SLims version 9.6.0. | 8.8 |
2023-09-29 | CVE-2023-44469 | Server-Side Request Forgery (SSRF) vulnerability in Lemonldap-Ng Lemonldap::Ng: A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. | 4.3 |
2023-09-27 | CVE-2023-41449 | Server-Side Request Forgery (SSRF) vulnerability in PHPkobo Ajaxnewsticker 1.0.5: An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. | 9.8 |
2023-09-15 | CVE-2023-42398 | Server-Side Request Forgery (SSRF) vulnerability in Zzcms 2023: An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. | 9.8 |
2023-09-06 | CVE-2023-36388 | Server-Side Request Forgery (SSRF) vulnerability in Apache Superset: Improper REST API permission in Apache Superset up to and including 2.1.0 allows authenticated Gamma users to test network connections (possible SSRF). | 5.4 |
2023-09-06 | CVE-2023-41937 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Bitbucket Push and Pull Request: Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload. | 7.5 |