Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-10-24 CVE-2019-18394 Server-Side Request Forgery (SSRF) vulnerability in Igniterealtime Openfire
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
network
low complexity
igniterealtime CWE-918
critical
9.8
2019-10-23 CVE-2019-18355 Server-Side Request Forgery (SSRF) vulnerability in Thycotic Secret Server
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
network
low complexity
thycotic CWE-918
critical
9.8
2019-10-21 CVE-2019-17400 Server-Side Request Forgery (SSRF) vulnerability in Universal Office Converter Project Universal Office Converter
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.
7.5
2019-10-17 CVE-2019-17670 Server-Side Request Forgery (SSRF) vulnerability in multiple products
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
network
low complexity
wordpress debian CWE-918
critical
9.8
2019-10-17 CVE-2019-17669 Server-Side Request Forgery (SSRF) vulnerability in multiple products
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
network
low complexity
wordpress debian CWE-918
critical
9.8
2019-10-14 CVE-2019-14225 Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
network
low complexity
open-xchange CWE-918
5.4
2019-10-11 CVE-2017-18638 Server-Side Request Forgery (SSRF) vulnerability in Graphite Project Graphite
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF.
network
low complexity
graphite-project CWE-918
7.5
2019-10-09 CVE-2019-15021 Server-Side Request Forgery (SSRF) vulnerability in Zingbox Inspector
A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network.
network
low complexity
zingbox CWE-918
5.3
2019-10-03 CVE-2019-15164 Server-Side Request Forgery (SSRF) vulnerability in Tcpdump Libpcap
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
network
low complexity
tcpdump CWE-918
5.3
2019-10-02 CVE-2019-13335 Server-Side Request Forgery (SSRF) vulnerability in Salesagility Suitecrm
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
network
low complexity
salesagility CWE-918
critical
9.8