Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-04-07 CVE-2020-24139 Server-Side Request Forgery (SSRF) vulnerability in Wcms 0.3.2
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php.
network
low complexity
wcms CWE-918
8.3
2021-04-05 CVE-2021-24150 Server-Side Request Forgery (SSRF) vulnerability in Likebtn-Like-Button Project Likebtn-Like-Button
The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).
network
low complexity
likebtn-like-button-project CWE-918
7.5
2021-04-02 CVE-2021-28941 Server-Side Request Forgery (SSRF) vulnerability in Magpierss Project Magpierss 0.72
Because a curl command in the /extlib/Snoopy.class.inc file of MagpieRSS 0.72 is not validated, sending a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page makes it possible to request any internal page if you use an HTTPS request.
network
low complexity
magpierss-project CWE-918
5.3
2021-04-02 CVE-2021-22696 Server-Side Request Forgery (SSRF) vulnerability in multiple products
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)).
network
low complexity
apache oracle CWE-918
7.5
2021-04-01 CVE-2021-26072 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Confluence Server
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.
network
low complexity
atlassian CWE-918
4.3
2021-04-01 CVE-2020-19613 Server-Side Request Forgery (SSRF) vulnerability in Flycms Project Flycms 20190503
Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.
network
low complexity
flycms-project CWE-918
7.5
2021-03-31 CVE-2021-21975 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack to steal administrative credentials.
network
low complexity
vmware CWE-918
7.5
2021-03-31 CVE-2021-22986 Server-Side Request Forgery (SSRF) vulnerability in F5 products
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability.
network
low complexity
f5 CWE-918
critical
9.8
2021-03-26 CVE-2021-1627 Server-Side Request Forgery (SSRF) vulnerability in Salesforce Mule
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers.
network
low complexity
salesforce CWE-918
critical
9.8
2021-03-25 CVE-2021-26715 Server-Side Request Forgery (SSRF) vulnerability in Mitreid Connect
The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability.
network
low complexity
mitreid CWE-918
critical
9.1