CWE-918: Server-Side Request Forgery (SSRF)

This vulnerability in TrueLayer.NET SDK allows attackers to manipulate HttpClient destination URLs, potentially redirecting API requests to malicious ...

CVE-2024-21642 is a server-side request forgery (SSRF) vulnerability in D-Tale versions before 3.9.0 that allows attackers to access files on the serv...

CVE-2023-7078 is a server-side request forgery (SSRF) vulnerability in Miniflare's development server that allows attackers to send arbitrary HTTP and...

This vulnerability in nuxt-api-party allows attackers to bypass URL validation by adding leading whitespace before absolute URLs, enabling Server-Side...

CVE-2023-45966 is a Blind Server-Side Request Forgery vulnerability in umputun remark42 comment server versions 1.12.1 and earlier. It allows attacker...

This vulnerability in calibre's HTML conversion plugin allows Server-Side Request Forgery (SSRF) by default, enabling attackers to access resources ou...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in GeoNode versions 3.2.0 through 4.1.3 that bypasses existing URL whitelist con...

This vulnerability in Jenkins Bitbucket Plugin allows attackers to steal Bitbucket credentials stored in Jenkins by sending malicious webhook payloads...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in GeoNode's proxy endpoint. Attackers can exploit the `/proxy/?url=` endpoint t...

This vulnerability in InfoDoc Document On-line Submission and Approval System allows unauthenticated attackers to perform Server-Side Request Forgery ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Moodle's cURL blocked hosts list logic. The flaw allows attackers to bypass I...

CVE-2023-26735 is an access control vulnerability in blackbox_exporter v0.23.0 that allows attackers to probe internal network ports and services thro...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in DELMIA Apriso manufacturing software. Unauthenticated attackers can force the...

Appwrite versions up to 1.2.1 contain a Server-Side Request Forgery (SSRF) vulnerability in the /v1/avatars/favicon endpoint. Attackers can send craft...

This vulnerability in Moodle allows attackers to bypass cURL security restrictions through insufficient redirect handling, enabling blind Server-Side ...

CVE-2022-4492 is a server certificate validation bypass vulnerability in Undertow HTTP client. It allows attackers to perform man-in-the-middle attack...

CVE-2022-2339 is a Server-Side Request Forgery (SSRF) vulnerability in NocoDB that allows attackers to make requests to internal network resources fro...

CVE-2022-28997 is a Server-Side Request Forgery (SSRF) vulnerability in CSZCMS v1.3.0 that allows attackers to make the server request internal resour...

This Server-Side Request Forgery (SSRF) vulnerability in draw.io allows attackers to make unauthorized requests from the server to internal systems. I...

This Server-Side Request Forgery (SSRF) vulnerability in draw.io allows attackers to make unauthorized requests from the server to internal systems. I...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the /proxy endpoint of draw.io diagramming software. Attackers can exploit th...

This vulnerability allows unauthenticated attackers to invoke an API transaction that relays encrypted WhatsUp Gold user credentials to arbitrary host...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in GeoServer that allows attackers to make arbitrary HTTP requests from the vuln...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the hoppscotch/proxyscotch package when interceptor mode is set to proxy. It ...

CVE-2021-44139 is a Server-Side Request Forgery (SSRF) vulnerability in Sentinel 1.8.2 that allows attackers to make unauthorized requests from the vu...

This vulnerability allows Server-Side Request Forgery (SSRF) attacks against the XMPP Server component in Pascom Cloud Phone System and other JIve pla...

This vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks against TYPO3 installations using vulnerable...

This Server-Side Request Forgery (SSRF) vulnerability in Gitea before version 1.7.0 allows attackers to make unauthorized requests from the Gitea serv...

This vulnerability allows unprivileged users to perform port scanning on internal networks via Apache Traffic Control Traffic Ops. Attackers can send ...

CVE-2022-0132 is a Server-Side Request Forgery (SSRF) vulnerability in PeerTube that allows attackers to make the server send HTTP requests to arbitra...

This vulnerability allows unauthenticated attackers to manipulate Apache Kylin's streaming cube management and replica sets via unprotected REST API e...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in VMware Workspace ONE Access and Identity Manager products. It allows attacker...

This vulnerability allows attackers to perform Server-Side Request Forgery (SSRF) attacks through the ActionExecutor component in Zoho ManageEngine Su...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Concrete CMS that allows authenticated users to make requests to internal net...

YzmCMS v5.5 contains a server-side request forgery (SSRF) vulnerability in the grab_image() function that allows attackers to make arbitrary HTTP requ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the vRealize Operations Manager API. Unauthenticated attackers with network a...

This SSRF vulnerability in Gotenberg allows attackers to read local files or access internal network resources through the remote URL to PDF conversio...

This SSRF vulnerability in MipCMS allows attackers to make the server send unauthorized requests to internal systems. Attackers can potentially access...

This CVE describes a server-side request forgery (SSRF) vulnerability in the Podcast Importer SecondLine WordPress plugin. Attackers can exploit this ...

This vulnerability allows attackers to bypass IP-based access controls in Django applications by using leading zeros in IPv4 addresses (octal notation...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in YzmCMS 5.8's background collection management feature. It allows authenticate...

CVE-2021-33511 is a Server-Side Request Forgery (SSRF) vulnerability in Plone CMS that allows attackers to make unauthorized requests from the server ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in JetBrains TeamCity that allows attackers to make unauthorized requests from t...

This vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks against Inim Electronics Smartliving SmartLA...

This vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks through the LikeBtn WordPress plugin. Attack...

This Server-Side Request Forgery (SSRF) vulnerability in FlyCMS allows attackers to make the server send HTTP requests to arbitrary internal or extern...

This vulnerability is a Server-Side Request Forgery (SSRF) in the MySQL access check of MB connect line products, allowing attackers to scan internal ...

CVE-2020-35667 is a Server-Side Request Forgery (SSRF) vulnerability in JetBrains TeamCity Plugin that allows attackers to make unauthorized requests ...

This is a Server-Side Request Forgery (SSRF) vulnerability in Winmail 6.5 that allows attackers to manipulate the server into making unauthorized HTTP...

This vulnerability in MaxKB allows authenticated users to bypass sandbox restrictions and execute Python code that can access internal network service...