Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-09-16 | CVE-2022-2912 | Server-Side Request Forgery (SSRF) vulnerability in Craw-Data Project Craw-Data | The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged-in admin change the url value, performing unwanted crawls on third-party sites (SSRF). | 4.3 |
2022-09-14 | CVE-2022-2900 | Server-Side Request Forgery (SSRF) vulnerability in Parse-Url Project Parse-Url | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0. | 9.1 |
2022-09-12 | CVE-2022-38298 | Server-Side Request Forgery (SSRF) vulnerability in Appsmith 1.7.11 | Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. | 8.8 |
2022-09-12 | CVE-2022-38292 | Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.4.2 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. | 9.8 |
2022-09-09 | CVE-2022-40305 | Server-Side Request Forgery (SSRF) vulnerability in Canto | A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form. | 9.8 |
2022-09-06 | CVE-2022-36663 | Server-Side Request Forgery (SSRF) vulnerability in Gluu Oxauth | Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter. | 9.8 |
2022-09-02 | CVE-2021-27693 | Server-Side Request Forgery (SSRF) vulnerability in Publiccms | Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. | 9.8 |
2022-08-22 | CVE-2022-35583 | Server-Side Request Forgery (SSRF) vulnerability in Wkhtmltopdf 0.12.6 | wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting an iframe tag with the initial asset IP address in its source. | 9.8 |
2022-08-15 | CVE-2020-23622 | Server-Side Request Forgery (SSRF) vulnerability in Cling Project Cling | An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header. | 7.5 |
2022-08-12 | CVE-2022-37041 | Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration 8.8.15/9.0.0 | An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. | 7.5 |