Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-15 | CVE-2023-42398 | Server-Side Request Forgery (SSRF) vulnerability in Zzcms 2023 An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. | 9.8 |
| 2023-09-06 | CVE-2023-36388 | Server-Side Request Forgery (SSRF) vulnerability in Apache Superset Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF. | 5.4 |
| 2023-09-06 | CVE-2023-41937 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Bitbucket Push and Pull Request Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload. | 7.5 |
| 2023-09-01 | CVE-2023-36088 | Server-Side Request Forgery (SSRF) vulnerability in Vesoft Nebulagraph Studio 3.7.0 Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information. | 7.5 |
| 2023-09-01 | CVE-2023-40969 | Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.6.1 Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. | 6.1 |
| 2023-08-30 | CVE-2023-4624 | Server-Side Request Forgery (SSRF) vulnerability in Bookstackapp Bookstack Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. | 2.4 |
| 2023-08-22 | CVE-2023-37440 | Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. | 5.3 |
| 2023-08-16 | CVE-2023-35011 | Server-Side Request Forgery (SSRF) vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). | 5.4 |
| 2023-08-04 | CVE-2022-41401 | Server-Side Request Forgery (SSRF) vulnerability in Openrefine OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. | 6.5 |
| 2023-08-02 | CVE-2023-26442 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite Office 7.8.3 In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. | 3.2 |