Vulnerabilities > Server-Side Request Forgery (SSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-05-04 | CVE-2022-29942 | Server-Side Request Forgery (SSRF) vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0 | Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. | network, low complexity, talend, CWE-918, 6.5 |
| 2022-05-04 | CVE-2022-28090 | Server-Side Request Forgery (SSRF) vulnerability in Ujcms Jspxcms 10.2.0 | Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. | network, low complexity, ujcms, CWE-918, 6.5 |
| 2022-05-02 | CVE-2021-40822 | Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver | GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | network, low complexity, osgeo, CWE-918, 7.5 |
| 2022-05-01 | CVE-2022-25850 | Server-Side Request Forgery (SSRF) vulnerability in Proxyscotch Project Proxyscotch | The package github.com/hoppscotch/proxyscotch before 1.0.0 is vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. | network, low complexity, proxyscotch-project, CWE-918, 7.5 |
| 2022-04-28 | CVE-2022-24449 | Server-Side Request Forgery (SSRF) vulnerability in Rt-Solar Solar Appscreener 3.10.4 | Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document. | network, low complexity, rt-solar, CWE-918, critical, 9.8 |
| 2022-04-28 | CVE-2022-29556 | Server-Side Request Forgery (SSRF) vulnerability in Northern.Tech Mender 3.2.0/3.2.1 | The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. | network, low complexity, northern-tech, CWE-918, critical, 9.8 |
| 2022-04-28 | CVE-2022-28117 | Server-Side Request Forgery (SSRF) vulnerability in Naviwebs Navigate CMS 2.9.4 | A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. | network, low complexity, naviwebs, CWE-918, 4.9 |
| 2022-04-26 | CVE-2022-27469 | Server-Side Request Forgery (SSRF) vulnerability in Monstaftp Monsta FTP 2.10.3 | Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). | network, low complexity, monstaftp, CWE-918, critical, 9.8 |
| 2022-04-25 | CVE-2022-27311 | Server-Side Request Forgery (SSRF) vulnerability in Gibbon Project Gibbon | Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. | network, low complexity, gibbon-project, CWE-918, critical, 9.8 |
| 2022-04-25 | CVE-2022-27429 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 1.9.5 | Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. | network, low complexity, jizhicms, CWE-918, critical, 9.8 |