Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-05 | CVE-2024-20404 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. | 5.3 |
| 2024-06-05 | CVE-2024-5526 | Server-Side Request Forgery (SSRF) vulnerability in Grafana Oncall Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity. | 9.1 |
| 2024-06-04 | CVE-2024-36675 | Server-Side Request Forgery (SSRF) vulnerability in Lylme Spage 1.9.5 LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. | 9.1 |
| 2024-06-04 | CVE-2024-4219 | Server-Side Request Forgery (SSRF) vulnerability in Beyondtrust Beyondinsight 23.1 Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. | 9.1 |
| 2024-02-14 | CVE-2023-5122 | Server-Side Request Forgery (SSRF) vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 5.3 |
| 2024-02-12 | CVE-2024-23761 | Server-Side Request Forgery (SSRF) vulnerability in Gambio 4.9.2.0 Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. | 9.8 |
| 2024-02-12 | CVE-2023-6294 | Server-Side Request Forgery (SSRF) vulnerability in Sygnoos Popup Builder The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. | 7.2 |
| 2024-02-09 | CVE-2024-24829 | Server-Side Request Forgery (SSRF) vulnerability in Sentry Sentry is an error tracking and performance monitoring platform. | 5.3 |
| 2024-02-08 | CVE-2023-42282 | Server-Side Request Forgery (SSRF) vulnerability in Fedorindutny IP The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. | 9.8 |
| 2024-02-08 | CVE-2024-24113 | Server-Side Request Forgery (SSRF) vulnerability in Xuxueli Xxl-Job xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE. | 8.8 |