Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-10 | CVE-2024-8977 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. | 8.1 |
| 2024-10-08 | CVE-2024-47008 | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | 7.5 |
| 2024-10-07 | CVE-2024-45291 | Server-Side Request Forgery (SSRF) vulnerability in PHPoffice PHPspreadsheet PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. | 8.8 |
| 2024-10-04 | CVE-2024-9410 | Server-Side Request Forgery (SSRF) vulnerability in ADA Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint. | 5.3 |
| 2024-09-26 | CVE-2024-45843 | Server-Side Request Forgery (SSRF) vulnerability in Mattermost Server Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba. | 5.4 |
| 2024-09-23 | CVE-2024-47222 | Server-Side Request Forgery (SSRF) vulnerability in Myoffice MY Office SDK New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol. | 9.8 |
| 2024-09-23 | CVE-2024-47066 | Server-Side Request Forgery (SSRF) vulnerability in Lobehub Lobe Chat Lobe Chat is an open-source artificial intelligence chat framework. | 8.8 |
| 2024-09-18 | CVE-2022-25777 | Server-Side Request Forgery (SSRF) vulnerability in Acquia Mautic Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability. | 6.5 |
| 2024-09-17 | CVE-2024-47049 | Server-Side Request Forgery (SSRF) vulnerability in Czim File-Handling The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files. | 8.2 |
| 2024-09-13 | CVE-2024-6587 | Server-Side Request Forgery (SSRF) vulnerability in Litellm 1.38.10 A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. | 7.5 |