Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK |
---|---|---|---|
2022-05-11 | CVE-2022-29848 | Server-Side Request Forgery (SSRF) vulnerability in Ipswitch Whatsup Gold 17.1.1/18.0/22.0.0. In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. | 4.0 |
2022-05-07 | CVE-2022-29180 | Server-Side Request Forgery (SSRF) vulnerability in Charm. A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. | 7.5 |
2022-05-05 | CVE-2022-1592 | Server-Side Request Forgery (SSRF) vulnerability in Clinical-Genomics Scout. Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. | 6.4 |
2022-05-04 | CVE-2022-29942 | Server-Side Request Forgery (SSRF) vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0. Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. | 4.0 |
2022-05-04 | CVE-2022-28090 | Server-Side Request Forgery (SSRF) vulnerability in Ujcms Jspxcms 10.2.0. Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via `/cmscp/ext/collect/fetch_url.do?url=`. | 6.4 |
2022-05-02 | CVE-2022-1239 | Server-Side Request Forgery (SSRF) vulnerability in Hubspot. The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks. | 6.5 |
2022-05-02 | CVE-2021-40822 | Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver. GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | 5.0 |
2022-05-01 | CVE-2022-25850 | Server-Side Request Forgery (SSRF) vulnerability in Proxyscotch Project Proxyscotch. The package github.com/hoppscotch/proxyscotch before 1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) when interceptor mode is set to proxy. | 5.0 |
2022-04-28 | CVE-2022-24449 | Server-Side Request Forgery (SSRF) vulnerability in Rt-Solar Solar Appscreener 3.10.4. Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document. | 9.8 |
2022-04-28 | CVE-2022-29556 | Server-Side Request Forgery (SSRF) vulnerability in Northern.Tech Mender 3.2.0/3.2.1. The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. | 7.5 |