Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-17 | CVE-2022-1723 | Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. | 5.0 |
2022-05-16 | CVE-2022-23668 | Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Clearpass Policy Manager A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. | 4.0 |
2022-05-16 | CVE-2022-1386 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. | 9.8 |
2022-05-16 | CVE-2022-1398 | Server-Side Request Forgery (SSRF) vulnerability in External Media Without Import Project External Media Without Import The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks | 4.0 |
2022-05-16 | CVE-2022-1713 | Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. | 7.5 |
2022-05-16 | CVE-2022-1722 | Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. | 3.3 |
2022-05-15 | CVE-2022-30049 | Server-Side Request Forgery (SSRF) vulnerability in Ruifang-Tech Rebuild 2.8.3 A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. | 7.5 |
2022-05-14 | CVE-2022-1379 | Server-Side Request Forgery (SSRF) vulnerability in multiple products URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. | 9.1 |
2022-05-13 | CVE-2020-22983 | Server-Side Request Forgery (SSRF) vulnerability in Microstrategy web A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. | 8.1 |
2022-05-11 | CVE-2022-29847 | Server-Side Request Forgery (SSRF) vulnerability in Ipswitch Whatsup Gold 22.0.0 In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. | 5.0 |