Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE | CVE | VULNERABILITY TITLE | RISK

2023-04-15 | CVE-2022-43699 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6 | 4.3
OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).
network, low complexity, open-xchange, CWE-918

2023-03-31 | CVE-2023-27162 | Server-Side Request Forgery (SSRF) vulnerability in Openapi-Generator Openapi Generator | critical 9.1
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}.
network, low complexity, openapi-generator, CWE-918

2023-03-31 | CVE-2023-27163 | Server-Side Request Forgery (SSRF) vulnerability in Rbaskets Request Baskets | 6.5
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}.
network, low complexity, rbaskets, CWE-918

2023-03-31 | CVE-2023-27159 | Server-Side Request Forgery (SSRF) vulnerability in Appwrite | 7.5
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon.
network, low complexity, appwrite, CWE-918

2023-03-31 | CVE-2023-27160 | Server-Side Request Forgery (SSRF) vulnerability in Forem 2022.11.11 | 7.2
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}.
network, low complexity, forem, CWE-918

2023-03-28 | CVE-2023-25262 | Server-Side Request Forgery (SSRF) vulnerability in Stimulsoft Designer 2023.1.3/2023.1.4 | 7.5
Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF).
network, low complexity, stimulsoft, CWE-918

2023-03-25 | CVE-2023-1634 | Server-Side Request Forgery (SSRF) vulnerability in Otcms 6.72 | critical 9.8
A vulnerability was found in OTCMS 6.72.
network, low complexity, otcms, CWE-918

2023-03-20 | CVE-2023-27586 | Server-Side Request Forgery (SSRF) vulnerability in Courtbouillon Cairosvg | 7.1
CairoSVG is an SVG converter based on Cairo, a 2D graphics library.
local, low complexity, courtbouillon, CWE-918

2023-03-16 | CVE-2023-28155 | Server-Side Request Forgery (SSRF) vulnerability in Request Project Request | 6.1
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).
network, low complexity, request-project, CWE-918

2023-03-10 | CVE-2023-27161 | Server-Side Request Forgery (SSRF) vulnerability in Jellyfin | 7.5
Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories.
network, low complexity, jellyfin, CWE-918