Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-13 | CVE-2021-40604 | Server-Side Request Forgery (SSRF) vulnerability in Invisioncommunity IPS Community Suite. A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. | 6.4 |
2022-06-13 | CVE-2022-28217 | Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver. Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints and to conduct SSRF attacks that could compromise the system's availability by causing the system to crash. | 6.5 |
2022-06-09 | CVE-2022-24969 | Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo. Bypass of CVE-2021-25640: in Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of the parseURL method will lead to the bypass of the white host check, which can cause an open redirect or SSRF vulnerability. | 5.8 |
2022-06-09 | CVE-2022-31386 | Server-Side Request Forgery (SSRF) vulnerability in Nbnbk Project Nbnbk 3. A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter. | 6.4 |
2022-06-09 | CVE-2022-31390 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 2.2.5. Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. | 6.4 |
2022-06-09 | CVE-2022-31393 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 2.2.5. Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. | 6.4 |
2022-06-09 | CVE-2022-31827 | Server-Side Request Forgery (SSRF) vulnerability in Monstaftp 2.10.3. MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php. | 6.4 |
2022-06-09 | CVE-2022-31830 | Server-Side Request Forgery (SSRF) vulnerability in Baidu Kity Minder 1.3.5. Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. | 6.4 |
2022-06-02 | CVE-2021-40186 | Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke. The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. | 5.0 |
2022-06-02 | CVE-2022-27780 | Server-Side Request Forgery (SSRF) vulnerability in multiple products. The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like `http://example.com%2F127.0.0.1/` would be allowed by the parser and get transposed into `http://example.com/127.0.0.1/`. | 7.5 |