Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-04 | CVE-2022-29942 | Server-Side Request Forgery (SSRF) vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0 Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. | 6.5 |
| 2022-05-04 | CVE-2022-28090 | Server-Side Request Forgery (SSRF) vulnerability in Ujcms Jspxcms 10.2.0 Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. | 6.5 |
| 2022-05-02 | CVE-2021-40822 | Server-Side Request Forgery (SSRF) vulnerability in Osgeo Geoserver GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | 7.5 |
| 2022-05-01 | CVE-2022-25850 | Server-Side Request Forgery (SSRF) vulnerability in Proxyscotch Project Proxyscotch The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. | 7.5 |
| 2022-04-28 | CVE-2022-24449 | Server-Side Request Forgery (SSRF) vulnerability in Rt-Solar Solar Appscreener 3.10.4 Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document. | 9.8 |
| 2022-04-28 | CVE-2022-29556 | Server-Side Request Forgery (SSRF) vulnerability in Northern.Tech Mender 3.2.0/3.2.1 The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. | 9.8 |
| 2022-04-28 | CVE-2022-28117 | Server-Side Request Forgery (SSRF) vulnerability in Naviwebs Navigate CMS 2.9.4 A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. | 4.9 |
| 2022-04-26 | CVE-2022-27469 | Server-Side Request Forgery (SSRF) vulnerability in Monstaftp Monsta FTP 2.10.3 Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). | 9.8 |
| 2022-04-25 | CVE-2022-27311 | Server-Side Request Forgery (SSRF) vulnerability in Gibbon Project Gibbon Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. | 9.8 |
| 2022-04-25 | CVE-2022-27429 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 1.9.5 Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. | 9.8 |