Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2020-08-31 CVE-2020-12644 Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
network
low complexity
open-xchange CWE-918
4.0
2020-08-29 CVE-2020-24898 Server-Side Request Forgery (SSRF) vulnerability in Stiltsoft Table Filter and Charts FOR Confluence Server
The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter).
network
low complexity
stiltsoft CWE-918
4.0
2020-08-28 CVE-2020-9298 Server-Side Request Forgery (SSRF) vulnerability in Spinnaker Orca
The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.
network
low complexity
spinnaker CWE-918
5.0
2020-08-26 CVE-2020-24548 Server-Side Request Forgery (SSRF) vulnerability in Ericom Access Server 9.2.0
Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports.
network
low complexity
ericom CWE-918
5.0
2020-08-25 CVE-2020-17386 Server-Side Request Forgery (SSRF) vulnerability in Cellopoint Cellos 4.1.10
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly.
network
low complexity
cellopoint CWE-918
4.0
2020-08-24 CVE-2020-14044 Server-Side Request Forgery (SSRF) vulnerability in Codiad
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later.
network
low complexity
codiad CWE-918
7.2
2020-08-21 CVE-2020-5775 Server-Side Request Forgery (SSRF) vulnerability in Instructure Canvas Learning Management Service 20200729
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
network
low complexity
instructure CWE-918
5.0
2020-08-17 CVE-2020-15152 Server-Side Request Forgery (SSRF) vulnerability in Ftp-Srv Project Ftp-Srv
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable.
network
low complexity
ftp-srv-project CWE-918
5.0
2020-08-17 CVE-2020-8226 Server-Side Request Forgery (SSRF) vulnerability in PHPbb
A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.
network
low complexity
phpbb CWE-918
5.0
2020-08-13 CVE-2020-13286 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery.
network
low complexity
gitlab CWE-918
4.0