Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-19 | CVE-2018-20228 | Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.5: Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. | 8.0 |
2018-12-04 | CVE-2018-18843 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab: The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | 10.0 |
2018-12-04 | CVE-2018-18646 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab: An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. | 8.8 |
2018-11-28 | CVE-2018-19651 | Server-Side Request Forgery (SSRF) vulnerability in Interspire Email Marketer: admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. | 6.5 |
2018-11-07 | CVE-2018-19047 | Server-Side Request Forgery (SSRF) vulnerability in Mpdf Project Mpdf: mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. | 10.0 |
2018-10-31 | CVE-2018-18867 | Server-Side Request Forgery (SSRF) vulnerability in Tecrail Responsive Filemanager 9.13.4: An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. | 8.6 |
2018-10-29 | CVE-2018-18753 | Server-Side Request Forgery (SSRF) vulnerability in Typecho 1.1: Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. | 9.8 |
2018-09-21 | CVE-2018-16793 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2010: Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | 8.6 |
2018-09-18 | CVE-2018-16794 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Active Directory Federation Services: Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | 8.6 |
2018-09-11 | CVE-2018-2463 | Server-Side Request Forgery (SSRF) vulnerability in SAP Hybris: The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. | 8.6 |