Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-04 | CVE-2022-20951 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Broadworks Messaging Server 22.0. A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. | 6.5 |
2022-11-04 | CVE-2022-20958 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Broadworks Commpilot Application. A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. | 8.8 |
2022-11-03 | CVE-2022-39276 | Server-Side Request Forgery (SSRF) vulnerability in Glpi-Project Glpi. GLPI stands for Gestionnaire Libre de Parc Informatique. | 5.3 |
2022-11-02 | CVE-2022-39241 | Server-Side Request Forgery (SSRF) vulnerability in Discourse. Discourse is a platform for community discussion. | 4.9 |
2022-11-01 | CVE-2022-41552 | Server-Side Request Forgery (SSRF) vulnerability in Hitachi products. Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. | 9.8 |
2022-10-31 | CVE-2022-40296 | Server-Side Request Forgery (SSRF) vulnerability in PHPpointofsale PHP Point of Sale 19.0. The application was vulnerable to Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. | 9.8 |
2022-10-28 | CVE-2022-3708 | Server-Side Request Forgery (SSRF) vulnerability in Google Web Stories. The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. | 8.1 |
2022-10-26 | CVE-2022-43776 | Server-Side Request Forgery (SSRF) vulnerability in Metabase. The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. | 6.5 |
2022-10-25 | CVE-2022-36451 | Server-Side Request Forgery (SSRF) vulnerability in Mitel Micollab. A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. | 8.8 |
2022-10-25 | CVE-2022-27622 | Server-Side Request Forgery (SSRF) vulnerability in Synology Diskstation Manager. Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. | 4.3 |