Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-18 | CVE-2022-21215 | Server-Side Request Forgery (SSRF) vulnerability in Airspan products: This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. | 9.8 |
2022-02-10 | CVE-2022-24568 | Server-Side Request Forgery (SSRF) vulnerability in Xxyopen Novel-Plus 3.6.0: Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. | 9.8 |
2022-02-09 | CVE-2021-25939 | Server-Side Request Forgery (SSRF) vulnerability in Arangodb: In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. | 2.7 |
2022-02-08 | CVE-2021-45325 | Server-Side Request Forgery (SSRF) vulnerability in Gitea: Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL. | 7.5 |
2022-02-06 | CVE-2022-23206 | Server-Side Request Forgery (SSRF) vulnerability in Apache Traffic Control: In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach. | 7.5 |
2022-02-04 | CVE-2022-24129 | Server-Side Request Forgery (SSRF) vulnerability in Shibboleth Oidc OP: The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. | 8.2 |
2022-02-02 | CVE-2021-42637 | Server-Side Request Forgery (SSRF) vulnerability in Printerlogic web Stack 19.1.1.13: PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. | 9.8 |
2022-01-28 | CVE-2021-22821 | Server-Side Request Forgery (SSRF) vulnerability in Schneider-Electric products: A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. | 8.6 |
2022-01-28 | CVE-2022-22993 | Server-Side Request Forgery (SSRF) vulnerability in Westerndigital MY Cloud OS: A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. | 8.8 |
2022-01-25 | CVE-2022-21697 | Server-Side Request Forgery (SSRF) vulnerability in Jupyter Server Proxy: Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. | 7.1 |