Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-29 | CVE-2020-22002 | Server-Side Request Forgery (SSRF) vulnerability in Inim products An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. | 7.5 |
| 2021-04-29 | CVE-2021-29145 | Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Clearpass A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. | 9.8 |
| 2021-04-28 | CVE-2021-31779 | Server-Side Request Forgery (SSRF) vulnerability in Yoast SEO 7.2.0 The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account. | 6.4 |
| 2021-04-26 | CVE-2021-29475 | Server-Side Request Forgery (SSRF) vulnerability in Hedgedoc HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. | 10.0 |
| 2021-04-20 | CVE-2020-35313 | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3 A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | 9.8 |
| 2021-04-14 | CVE-2021-28060 | Server-Side Request Forgery (SSRF) vulnerability in Group-Office Group Office 6.4.196 A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. | 5.3 |
| 2021-04-13 | CVE-2021-27905 | Server-Side Request Forgery (SSRF) vulnerability in Apache Solr The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. | 9.8 |
| 2021-04-12 | CVE-2021-29357 | Server-Side Request Forgery (SSRF) vulnerability in Outsystems products The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests. | 8.6 |
| 2021-04-08 | CVE-2021-20480 | Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). | 6.5 |
| 2021-04-07 | CVE-2020-24140 | Server-Side Request Forgery (SSRF) vulnerability in Wcms 0.3.2 Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. | 8.3 |