Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-17 | CVE-2019-6837 | Server-Side Request Forgery (SSRF) vulnerability in Schneider-Electric products. A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL. | 9.1 |
2019-09-16 | CVE-2019-15731 | Server-Side Request Forgery (SSRF) vulnerability in GitLab. An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. | 5.0 |
2019-09-16 | CVE-2019-15730 | Server-Side Request Forgery (SSRF) vulnerability in GitLab. An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. | 5.0 |
2019-09-16 | CVE-2019-15728 | Server-Side Request Forgery (SSRF) vulnerability in GitLab. An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. | 5.0 |
2019-09-11 | CVE-2019-8451 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira Server. The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | 6.4 |
2019-09-10 | CVE-2019-12996 | Server-Side Request Forgery (SSRF) vulnerability in Mendix. In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe. | 5.0 |
2019-09-09 | CVE-2019-6793 | Server-Side Request Forgery (SSRF) vulnerability in GitLab. An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. | 6.8 |
2019-08-26 | CVE-2019-13020 | Server-Side Request Forgery (SSRF) vulnerability in Trms Tightrope Media Carousel. The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. | 6.4 |
2019-08-23 | CVE-2019-15494 | Server-Side Request Forgery (SSRF) vulnerability in It-Novum Openitcockpit. openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. | 7.5 |
2019-08-22 | CVE-2016-10927 | Server-Side Request Forgery (SSRF) vulnerability in Neliosoftware Nelio AB Testing. The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php. | 6.4 |