Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-28 | CVE-2020-24710 | Server-Side Request Forgery (SSRF) vulnerability in Getgophish Gophish Gophish before 0.11.0 allows SSRF attacks. | 5.3 |
| 2020-10-26 | CVE-2020-7126 | Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1 A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | 5.8 |
| 2020-10-23 | CVE-2020-25466 | Server-Side Request Forgery (SSRF) vulnerability in Crmeb 3.0 A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. | 9.8 |
| 2020-10-23 | CVE-2020-15002 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. | 5.0 |
| 2020-10-21 | CVE-2020-25820 | Server-Side Request Forgery (SSRF) vulnerability in Bigbluebutton BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. | 6.5 |
| 2020-10-20 | CVE-2020-6308 | Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3 SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. | 5.3 |
| 2020-10-19 | CVE-2020-15822 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. | 7.3 |
| 2020-10-17 | CVE-2020-27197 | Server-Side Request Forgery (SSRF) vulnerability in multiple products TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. | 9.8 |
| 2020-10-10 | CVE-2020-26948 | Server-Side Request Forgery (SSRF) vulnerability in Emby Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. | 9.8 |
| 2020-10-01 | CVE-2020-5784 | Server-Side Request Forgery (SSRF) vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.03 Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs. | 6.5 |