Vulnerabilities > Server-Side Request Forgery (SSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2022-09-16 | CVE-2022-2912 | Server-Side Request Forgery (SSRF) vulnerability in Craw-Data Project Craw-Data | The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged-in admin change the url value performing unwanted crawls on third-party sites (SSRF). | network; low complexity; craw-data-project; CWE-918; 4.3 |
| 2022-09-14 | CVE-2022-2900 | Server-Side Request Forgery (SSRF) vulnerability in Parse-Url Project Parse-Url | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0. | network; low complexity; parse-url-project; CWE-918; critical; 9.1 |
| 2022-09-12 | CVE-2022-38298 | Server-Side Request Forgery (SSRF) vulnerability in Appsmith 1.7.11 | Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. | network; low complexity; appsmith; CWE-918; 8.8 |
| 2022-09-12 | CVE-2022-38292 | Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.4.2 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. | network; low complexity; slims; CWE-918; critical; 9.8 |
| 2022-09-09 | CVE-2022-40305 | Server-Side Request Forgery (SSRF) vulnerability in Canto | A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form. | network; low complexity; canto; CWE-918; critical; 9.8 |
| 2022-09-06 | CVE-2022-36663 | Server-Side Request Forgery (SSRF) vulnerability in Gluu Oxauth | Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter. | network; low complexity; gluu; CWE-918; critical; 9.8 |
| 2022-09-02 | CVE-2021-27693 | Server-Side Request Forgery (SSRF) vulnerability in Publiccms | Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. | network; low complexity; publiccms; CWE-918; critical; 9.8 |
| 2022-08-22 | CVE-2022-35583 | Server-Side Request Forgery (SSRF) vulnerability in Wkhtmltopdf 0.12.6 | wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on its source. | network; low complexity; wkhtmltopdf; CWE-918; critical; 9.8 |
| 2022-08-15 | CVE-2020-23622 | Server-Side Request Forgery (SSRF) vulnerability in Cling Project Cling | An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header. | network; low complexity; cling-project; CWE-918; 7.5 |
| 2022-08-12 | CVE-2022-37041 | Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration 8.8.15/9.0.0 | An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. | network; low complexity; zimbra; CWE-918; 7.5 |