CWE-918: Server-Side Request Forgery (SSRF)

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Darren Cooney Instant Images WordPress plugin. It allows authenticated at...

This Server-Side Request Forgery (SSRF) vulnerability in Deskpro Support Desk allows attackers to craft malicious URLs that trick the server into maki...

CVE-2023-36925 is a server-side request forgery (SSRF) vulnerability in SAP Solution Manager Diagnostics Agent version 7.20 that allows unauthenticate...

This vulnerability in the Import Export All WordPress Images, Users & Post Types plugin allows administrators to perform Blind Server-Side Request For...

CVE-2022-24871 is a server-side request forgery (SSRF) vulnerability in Shopware's Admin SDK functionality that allows attackers to read or update int...

CVE-2021-33581 is a Server-Side Request Forgery (SSRF) vulnerability in MashZone NextGen that allows attackers to interact with arbitrary TCP services...

CVE-2021-4075 is a Server-Side Request Forgery (SSRF) vulnerability in Snipe-IT that allows attackers to make the application send unauthorized reques...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Emissary, a P2P-based workflow engine. Attackers can exploit the RegisterPeer...

CVE-2021-21311 is a server-side request forgery (SSRF) vulnerability in Adminer database management software that allows attackers to make unauthorize...

StorageGRID versions with Single Sign-on enabled and configured to use Microsoft Entra ID are vulnerable to Server-Side Request Forgery (SSRF). This a...

This CVE describes a server-side request forgery (SSRF) vulnerability in TrustTunnel VPN software that allows attackers to bypass private network rest...

A Server-Side Request Forgery (SSRF) vulnerability in vLLM's MediaConnector class allows attackers to bypass host restrictions and make the server sen...

This Server-Side Request Forgery (SSRF) vulnerability in Microsoft Office SharePoint allows authenticated attackers to make unauthorized requests from...

A Server-Side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) allows attackers to manipulate parameters to access internal sys...

FreshRSS versions before 1.26.2 contain an authentication bypass vulnerability when using HTTP auth via reverse proxy. Attackers with an account on th...

This vulnerability allows authenticated low-privileged users in WhatsUp Gold to perform server-side request forgery (SSRF) attacks. By chaining this S...

This Server-Side Request Forgery (SSRF) vulnerability in the Spectra WordPress plugin allows attackers to make unauthorized requests from the vulnerab...

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central allows an authenticated attacker to make requests to...

This Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates plugin allows attackers to make unauthorized requests from...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the WordPress Shortcodes Ultimate plugin. It allows attackers to make the vul...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache XML Graphics Batik version 1.16. A malicious SVG file can trigger the ...

This CVE describes a server-side request forgery (SSRF) vulnerability in IBM Watson Machine Learning on Cloud Pak for Data. An authenticated attacker ...

This vulnerability in Veritas NetBackup allows authenticated attackers on NetBackup Clients to remotely read arbitrary files, perform Server-Side Requ...

This SSRF vulnerability in Craft CMS allows attackers with GraphQL asset management permissions to force the server to fetch content from arbitrary in...

This vulnerability in grist-core allows authenticated users to perform server-side request forgery (SSRF) attacks. Any user with document access can e...

This SSRF vulnerability in the Real Cookie Banner WordPress plugin allows authenticated administrators to make arbitrary HTTP requests from the web se...

The WP Scraper WordPress plugin contains a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated administrators to make arbitrary...

This vulnerability allows admin-level attackers in Vasion Print (formerly PrinterLogic) to exploit improper input validation in printer configuration ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in multiple Ivanti security products that allows authenticated administrators to...

This Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help WordPress plugin allows attackers to make the vulnerable server send HT...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Dell SmartFabric OS10 Software. A high-privileged attacker with remote access...

This Server-Side Request Forgery vulnerability in Emlog Pro allows attackers to make the vulnerable server send requests to internal network resources...

This SSRF vulnerability in Dell PowerProtect DD allows remote attackers with high privileges to make the server send requests to internal systems, pot...

This vulnerability allows unauthorized external users to perform Server Side Request Forgery (SSRF) attacks through GitLab's CI Lint API. Attackers ca...

CVE-2021-22175 is a server-side request forgery (SSRF) vulnerability in GitLab that allows unauthenticated attackers to make requests to internal netw...

This vulnerability in Doccano's annotation tools allows remote attackers to escalate privileges via the model_attribs parameter. It affects users of D...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in ZITADEL's Action V2 feature that allows attackers to make ZITADEL send reques...

This vulnerability in Astro web framework versions 9.0.0-9.5.3 allows attackers to bypass image domain restrictions when the inferSize option is enabl...

Payload CMS versions before 3.75.0 contain a Server-Side Request Forgery (SSRF) vulnerability in external file upload functionality. Authenticated use...

This CVE describes a Server-Side Request Forgery (SSRF) bypass vulnerability in Craft CMS. The SSRF validation in GraphQL Asset mutations fails to pro...

This SSRF vulnerability in Azure DevOps Server allows authenticated attackers to make the server send requests to internal systems, potentially access...

This vulnerability in Craft CMS allows authenticated attackers with permission to use the save_images_Asset GraphQL mutation to bypass hostname valida...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Craft CMS where attackers can bypass SSRF protections by exploiting HTTP redi...

This vulnerability allows attackers to bypass IP address blocklists in Craft CMS by using alternative IP notations (hexadecimal, mixed) that aren't re...

This vulnerability allows authenticated attackers with low-level privileges in Hubert Imoveis e Administracao Ltda Hub v2.0 to access other users' inf...

Miniflux 2's media proxy endpoint can be abused by authenticated users to perform Server-Side Request Forgery (SSRF), allowing attackers to make the s...

Knowage versions before 8.1.37 have a blind server-side request forgery vulnerability that allows attackers to send requests to arbitrary internal hos...

A Blind Server-Side Request Forgery vulnerability in evershop allows unauthenticated attackers to force the server to make HTTP requests to arbitrary ...

Parse Server's Instagram authentication adapter allows attackers to specify custom API URLs, enabling Server-Side Request Forgery (SSRF) attacks. This...

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter. Attackers with valid ...