Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-08-12 CVE-2018-3774 Server-Side Request Forgery (SSRF) vulnerability in Url-Parse Project Url-Parse
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
network
low complexity
url-parse-project CWE-918
critical
 10.0
10
2018-08-08 CVE-2018-15192 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.
network
low complexity
gogs gitea CWE-918
8.6
8.6
2018-08-03 CVE-2018-14728 Server-Side Request Forgery (SSRF) vulnerability in Tecrail Responsive Filemanager 9.13.1
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
network
low complexity
tecrail CWE-918
critical
 9.8
9.8
2018-08-02 CVE-2018-14858 Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms
An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8.
network
low complexity
icmsdev CWE-918
7.5
7.5
2018-08-01 CVE-2018-1999039 Server-Side Request Forgery (SSRF) vulnerability in Jenkins Confluence Publisher
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.
network
low complexity
jenkins CWE-918
4.3
4.3
2018-08-01 CVE-2018-1999026 Server-Side Request Forgery (SSRF) vulnerability in Jenkins Tracetronic Ecu-Test
A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host.
network
low complexity
jenkins CWE-918
6.5
6.5
2018-07-23 CVE-2018-1999017 Server-Side Request Forgery (SSRF) vulnerability in Pydio
Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server.
network
low complexity
pydio CWE-918
4.9
4.9
2018-07-23 CVE-2018-14514 Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms 7.0.9
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.
network
low complexity
icmsdev CWE-918
critical
 9.8
9.8
2018-07-20 CVE-2018-5006 Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability.
network
low complexity
adobe CWE-918
7.5
7.5
2018-07-20 CVE-2018-5004 Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability.
network
low complexity
adobe CWE-918
7.5
7.5