Vulnerabilities > Server-Side Request Forgery (SSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-01-08 | CVE-2019-5725 | Server-Side Request Forgery (SSRF) vulnerability in Qibosoft 1.0/7.0 | qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file. | network | low | qibosoft | CWE-918 | 7.5 |
| 2019-01-03 | CVE-2018-19601 | Server-Side Request Forgery (SSRF) vulnerability in Rhymix 1.9.8.1 | Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. | network | low | rhymix | CWE-918 | critical 9.1 |
| 2019-01-03 | CVE-2019-3905 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus | Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | network | low | zohocorp | CWE-918 | critical 10.0 |
| 2019-01-02 | CVE-2018-14721 | Server-Side Request Forgery (SSRF) vulnerability in multiple products | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. | network | low | fasterxml, debian, oracle, redhat | CWE-918 | critical 10.0 |
| 2018-12-30 | CVE-2018-20596 | Server-Side Request Forgery (SSRF) vulnerability in Jspxcms 9.0.0 | Jspxcms v9.0.0 allows SSRF. | network | low | jspxcms | CWE-918 | critical 9.8 |
| 2018-12-28 | CVE-2018-20528 | Server-Side Request Forgery (SSRF) vulnerability in Jeecms 9 | JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter. | network | low | jeecms | CWE-918 | 6.5 |
| 2018-12-24 | CVE-2018-20436 | Server-Side Request Forgery (SSRF) vulnerability in Telegram and web | The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. | network | high | telegram | CWE-918 | 8.1 |
| 2018-12-19 | CVE-2018-20228 | Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.5 | Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. | network | low | subsonic | CWE-918 | 8.0 |
| 2018-12-04 | CVE-2018-18843 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab | The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | network | low | gitlab | CWE-918 | critical 10.0 |
| 2018-12-04 | CVE-2018-18646 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. | network | low | gitlab | CWE-918 | 8.8 |