Vulnerabilities > Server-Side Request Forgery (SSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2022-11-02 | CVE-2022-39241 | Server-Side Request Forgery (SSRF) vulnerability in Discourse | Discourse is a platform for community discussion. | network, low complexity, discourse, CWE-918 | 4.9 |
| 2022-11-01 | CVE-2022-41552 | Server-Side Request Forgery (SSRF) vulnerability in Hitachi products | Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. | network, low complexity, hitachi, CWE-918 | critical 9.8 |
| 2022-10-31 | CVE-2022-40296 | Server-Side Request Forgery (SSRF) vulnerability in PHPpointofsale PHP Point of Sale 19.0 | The application was vulnerable to Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. | network, low complexity, phppointofsale, CWE-918 | critical 9.8 |
| 2022-10-28 | CVE-2022-3708 | Server-Side Request Forgery (SSRF) vulnerability in Google Web Stories | The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. | network, low complexity, google, CWE-918 | 8.1 |
| 2022-10-26 | CVE-2022-43776 | Server-Side Request Forgery (SSRF) vulnerability in Metabase | The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. | network, low complexity, metabase, CWE-918 | 6.5 |
| 2022-10-25 | CVE-2022-36451 | Server-Side Request Forgery (SSRF) vulnerability in Mitel MiCollab | A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. | network, low complexity, mitel, CWE-918 | 8.8 |
| 2022-10-25 | CVE-2022-27622 | Server-Side Request Forgery (SSRF) vulnerability in Synology Diskstation Manager | Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. | network, low complexity, synology, CWE-918 | 4.3 |
| 2022-10-25 | CVE-2022-38580 | Server-Side Request Forgery (SSRF) vulnerability in Zalando Skipper | Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). | network, low complexity, zalando, CWE-918 | critical 9.8 |
| 2022-10-25 | CVE-2022-3247 | Server-Side Request Forgery (SSRF) vulnerability in Adenion Blog2Social | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. | network, low complexity, adenion, CWE-918 | 6.5 |
| 2022-10-25 | CVE-2022-41704 | Server-Side Request Forgery (SSRF) vulnerability in multiple products | A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. | network, low complexity, apache, debian, CWE-918 | 7.5 |