CWE-918: Server-Side Request Forgery (SSRF)

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration's RSS feed parser. It allows attackers to redirect reque...

Imgproxy fails to block the 0.0.0.0 address even when loopback source addresses are restricted, allowing attackers to potentially access services on t...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in OpenShift Console's /api/dev-console/proxy/internet endpoint. Authenticated u...

This vulnerability in Ada.cx's Sentry configuration allows attackers to perform blind server-side request forgery (SSRF) attacks through a data scrapi...

CVE-2024-33117 is a Server-Side Request Forgery (SSRF) vulnerability in crmeb_java v1.3.4 that allows attackers to make the server send unauthorized r...

CVE-2024-46413 is a Server-Side Request Forgery (SSRF) vulnerability in Rebuild v3.7.7 that allows attackers to make the server send HTTP requests to ...

This SSRF vulnerability in the MP3 Audio Player WordPress plugin allows authenticated attackers with author-level access to make arbitrary web request...

ClipBucket v5's Remote Play feature allows users to create video entries referencing external URLs. Attackers can exploit this by specifying internal ...

The DK PDF WordPress plugin is vulnerable to Server-Side Request Forgery (SSRF) that allows authenticated attackers (author level or higher) to make a...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration Suite (ZCS) versions before 10.1.12, caused by misconfig...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to perform blind Server-Side Request Forgery (SSRF) att...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Langfuse's webhook handler. Attackers can manipulate the promptChangeEventSou...

The Grafana Infinity datasource plugin contains a URL restriction bypass vulnerability that allows attackers to access unauthorized endpoints. This af...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in DevExpress AsyncDownloader components. Attackers can exploit this to make the...

CVE-2024-41737 is a server-side request forgery (SSRF) vulnerability in SAP CRM ABAP Insights Management that allows authenticated attackers to enumer...

This Server-Side Request Forgery (SSRF) vulnerability in SAP Transportation Management (Collaboration Portal) allows authenticated non-administrative ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Directus that allows attackers to bypass DNS resolution protections via HTTP ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Alobaidi Extend Link WordPress plugin. It allows attackers to make the vu...

This vulnerability allows authenticated users in the System Administrator group of Group-Office to perform Server-Side Request Forgery (SSRF) attacks ...

NocoDB versions before 0.301.0 contain a blind SSRF vulnerability in the uploadViaURL functionality. The initial HEAD request for metadata lacks SSRF ...

This Server-Side Request Forgery (SSRF) vulnerability in the ANAC XML Viewer WordPress plugin allows attackers to make the vulnerable server send unau...

This SSRF vulnerability in the WordPress External Media plugin allows attackers to make unauthorized requests from the server to internal or external ...

This Server-Side Request Forgery (SSRF) vulnerability in the Jthemes Genemy WordPress theme allows attackers to make unauthorized requests from the vu...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Youzify WordPress plugin. Attackers can exploit this vulnerability to mak...

This SSRF vulnerability in the HETWORKS WordPress Image Shrinker plugin allows attackers to make the server send requests to internal or external syst...

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver, potentially exposing sensitive ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the WordPress Slider Templates plugin. It allows attackers to make the vulner...

This SSRF vulnerability in WP eBay Product Feeds allows attackers to make unauthorized requests from the vulnerable server to internal or external sys...

This SSRF vulnerability in the Ai Auto Tool Content Writing Assistant WordPress plugin allows attackers to make the server send unauthorized requests ...

This SSRF vulnerability in the PowerPress Podcasting WordPress plugin allows attackers to make unauthorized requests from the server to internal or ex...

This Server-Side Request Forgery (SSRF) vulnerability in the Solace Extra WordPress plugin allows attackers to make the vulnerable server send unautho...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Adam Pery Animate WordPress plugin. It allows attackers to make the vulne...

This Server-Side Request Forgery (SSRF) vulnerability in the PowerPress Podcasting WordPress plugin allows attackers to make the vulnerable server sen...

This Server-Side Request Forgery (SSRF) vulnerability in the Waymark WordPress plugin allows attackers to make unauthorized requests from the server t...

This Server-Side Request Forgery (SSRF) vulnerability in WP Compress for MainWP allows attackers to make the vulnerable server send HTTP requests to i...

This Server-Side Request Forgery (SSRF) vulnerability in the SuitePlugins Video & Photo Gallery for Ultimate Member WordPress plugin allows attackers ...

This SSRF vulnerability in mipjz 5.0.5 allows attackers to make the server send HTTP requests to internal systems by manipulating the postAddress para...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in mipjz 5.0.5 where the mipPost method in ApiAdminTool.php fails to validate th...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce that allows authenticated administrators to force the applicat...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the WappPress WordPress plugin. Attackers can exploit this to make the vulner...

This Server-Side Request Forgery (SSRF) vulnerability in the Converter for Media WordPress plugin allows unauthenticated attackers to make arbitrary w...

This Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core WordPress plugin allows attackers to make unauthorized requests fr...

This vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks via the 'nice_links' feature in the Better M...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in BeyondInsight HTTP-based connectors that allows attackers to make arbitrary H...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in ZenTao's Webhook Module. Attackers can exploit the fetchHook function to make...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in InvoiceNinja's migration import functionality. Attackers can manipulate the c...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in go-sonic's Theme Fetching API. Attackers can manipulate the 'uri' parameter i...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in xerrors Yuxi-Know software up to version 0.4.0. Attackers can manipulate the ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in dayrui XunRuiCMS up to version 4.7.1. Attackers can exploit this by manipulat...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in dayrui XunRuiCMS up to version 4.7.1. The flaw allows attackers to make unaut...