CWE-918: Server-Side Request Forgery (SSRF)

This Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows attackers to make unauthorized requests from the se...

CVE-2022-46973 is a Server-Side Request Forgery (SSRF) vulnerability in Report v0.9.8.6 that allows attackers to make unauthorized requests from the v...

CVE-2022-37938 is an unauthenticated server-side request forgery (SSRF) vulnerability in HPE Serviceguard Manager that allows attackers to make arbitr...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the parse-url npm package versions prior to 7.0.0. Attackers can exploit this...

flatCore-CMS version 2.0.8 contains dangerous function calls that allow server-side request forgery (SSRF) attacks. This vulnerability enables attacke...

This SSRF vulnerability in HPE OneView allows attackers to make unauthorized requests from the vulnerable server to internal systems. Attackers could ...

This vulnerability in the Fusion Builder WordPress plugin (used by Avada theme) allows attackers to make arbitrary HTTP requests from the vulnerable s...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Northern.tech's Mender Enterprise iot-manager microservice. It allows attacke...

CVE-2022-27311 is a Server-Side Request Forgery (SSRF) vulnerability in Gibbon v3.4.4 and earlier that allows attackers to make unauthorized requests ...

Jizhicms v1.9.5 contains a Server-Side Request Forgery (SSRF) vulnerability in the /admin.php/Plugins/update.html endpoint. This allows attackers to m...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Calibre-Web, an open-source web application for managing eBook collections. A...

CVE-2022-24568 is a Server-Side Request Forgery (SSRF) vulnerability in Novel-plus v3.6.0 that allows attackers to make arbitrary HTTP requests from t...

This Server Side Request Forgery (SSRF) vulnerability in PrinterLogic Web Stack allows attackers to use user-controlled input to craft URLs, potential...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in calibre-web versions prior to 0.6.16. Attackers can exploit this to make the ...

CVE-2022-0086 is a Server-Side Request Forgery (SSRF) vulnerability in the Uppy file uploader library. It allows attackers to make unauthorized reques...

CVE-2021-44659 is a Server-Side Request Forgery (SSRF) vulnerability in GoCD server version 21.3.0 that allows authenticated administrators to abuse p...

CVE-2021-40091 is a Server-Side Request Forgery (SSRF) vulnerability in SquaredUp for SCOM that allows attackers to make unauthorized requests from th...

CVE-2021-22049 is a Server-Side Request Forgery (SSRF) vulnerability in the vSAN Web Client plug-in for vSphere Web Client (FLEX/Flash). It allows att...

CVE-2021-39497 is a Server-Side Request Forgery (SSRF) vulnerability in eyoucms 1.5.4 that allows attackers to inject URLs via the saveRemote() functi...

Nagios XI Docker Wizard versions before 1.1.3 contain a Server-Side Request Forgery (SSRF) vulnerability in table_population.php due to improper input...

This vulnerability allows unauthenticated attackers to make the web server fetch and display content from any URI via exposed proxy functionality in a...

This is a server-side request forgery (SSRF) vulnerability in the Video Downloader for TikTok WordPress plugin version 1.3. It allows attackers to mak...

This Server-Side Request Forgery (SSRF) vulnerability in Zoho ManageEngine ServiceDesk Plus MSP allows attackers to make unauthorized requests from th...

CVE-2020-15377 is a Server-Side Request Forgery (SSRF) vulnerability in Brocade SANnav Webtools that allows unauthenticated attackers to make requests...

CVE-2021-21985 is a critical remote code execution vulnerability in VMware vSphere Client's Virtual SAN Health Check plugin. Attackers with network ac...

CVE-2017-17674 is a remote/local file inclusion vulnerability in BMC Remedy Mid Tier that allows attackers to read arbitrary files and make unauthoriz...

This CVE describes a critical Server-Side Request Forgery (SSRF) vulnerability in Aruba ClearPass Policy Manager that can lead to remote code executio...

This SSRF vulnerability in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code by exploiting the theme/plugin installer functionality. A...

CVE-2021-27905 is a Server-Side Request Forgery (SSRF) vulnerability in Apache Solr's ReplicationHandler that allows attackers to make arbitrary HTTP ...

CVE-2021-22986 is an unauthenticated remote command execution vulnerability in the iControl REST interface of F5 BIG-IP and BIG-IQ devices. Attackers ...

This SSRF vulnerability in gopeak masterlab 2.1.5 allows attackers to make arbitrary HTTP requests from the vulnerable server via the 'source' paramet...

CVE-2021-27670 is a Server-Side Request Forgery (SSRF) vulnerability in Appspace 6.2.4 that allows attackers to make unauthorized requests from the vu...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Accellion File Transfer Appliance (FTA) versions 9_12_411 and earlier. Attack...

This Server-Side Request Forgery (SSRF) vulnerability in Quest Policy Authority's Web Compliance Manager allows attackers to scan internal network por...

CVE-2020-35712 is a Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server that allows attackers to make unauthorized requests from th...

CVE-2020-28360 is a Server-Side Request Forgery (SSRF) vulnerability in the private-ip npm package versions 1.0.5 and below. The insufficient regular ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in CRMEB 3.0's downloadimage interface that allows attackers to download arbitra...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in libtaxii and OpenTAXII that allows attackers to make arbitrary HTTP requests ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Emby Server that allows attackers to make unauthorized requests from the serv...

This vulnerability in Zimbra Collaboration Suite allows Server-Side Request Forgery (SSRF) when the WebEx zimlet is installed and JSP functionality is...

This SSRF vulnerability in Typebot allows authenticated users to make arbitrary HTTP requests from the server, including accessing AWS Instance Metada...

This SSRF vulnerability in Illia Cloud illia-Builder allows authenticated users to make arbitrary requests to internal services via the API. Attackers...

A Server-Side Request Forgery (SSRF) vulnerability in Logpoint versions before 7.4.0 allows attackers with low-level access to make unauthorized reque...

This vulnerability in OpenComputers Minecraft mod allows players to access cloud metadata services and local network resources through improperly filt...

Ghostfolio versions before 2.245.0 contain a server-side request forgery (SSRF) vulnerability in the manual asset import feature. Attackers can exploi...

CVE-2025-67494 is an unauthenticated server-side request forgery (SSRF) vulnerability in ZITADEL identity infrastructure. Attackers can force the ZITA...

This SSRF vulnerability in LLaVA's Controller API Server allows attackers to make the server send unauthorized requests to internal or external system...

This SSRF vulnerability in FastChat's Controller API Server allows attackers to make the server send unauthorized requests to internal or external sys...

This CVE describes a server-side request forgery (SSRF) vulnerability in MindsDB that allows attackers to bypass SSRF protection using DNS rebinding t...

This vulnerability in MESbook allows unauthenticated attackers to make server-side requests to internal systems via vulnerable API endpoints. Attacker...