Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23079 | 1 Halo | 1 Halo | 2021-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | |||||
| CVE-2020-20582 | 1 Mipcms | 1 Mipcms | 2021-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information. | |||||
| CVE-2020-24142 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2021-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hosts and execute command on services | |||||
| CVE-2020-24148 | 1 Mooveagency | 1 Import Xml And Rss Feeds | 2021-07-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. | |||||
| CVE-2021-32639 | 1 Nsa | 1 Emissary | 2021-07-06 | 6.5 MEDIUM | 9.9 CRITICAL |
| Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emissary version 7.0 contains a patch. As a workaround, disable network access to Emissary from untrusted sources. | |||||
| CVE-2021-31531 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2021-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). | |||||
| CVE-2020-21788 | 1 Crmeb | 1 Crmeb | 2021-07-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php. | |||||
| CVE-2021-32698 | 1 Elabftw | 1 Elabftw | 2021-06-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0. | |||||
| CVE-2021-21311 | 2 Adminer, Debian | 2 Adminer, Debian Linux | 2021-06-24 | 6.4 MEDIUM | 7.2 HIGH |
| Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9. | |||||
| CVE-2021-34808 | 1 Synology | 1 Media Server | 2021-06-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. | |||||
| CVE-2021-34811 | 1 Synology | 1 Download Station | 2021-06-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. | |||||
| CVE-2021-22175 | 1 Gitlab | 1 Gitlab | 2021-06-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled | |||||
| CVE-2021-20483 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2021-06-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591. | |||||
| CVE-2020-26811 | 1 Sap | 1 Commerce Cloud \(accelerator Payment Mock\) | 2021-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability. | |||||
| CVE-2021-22214 | 1 Gitlab | 1 Gitlab | 2021-06-16 | 4.3 MEDIUM | 8.6 HIGH |
| When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited | |||||
| CVE-2021-31950 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2021-06-15 | 5.5 MEDIUM | 8.1 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31964. | |||||
| CVE-2020-15377 | 1 Broadcom | 1 Sannav | 2021-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguration; this is commonly referred to as Server-Side Request Forgery (SSRF). | |||||
| CVE-2021-33181 | 1 Synology | 1 Video Station | 2021-06-10 | 6.5 MEDIUM | 9.1 CRITICAL |
| Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. | |||||
| CVE-2021-33184 | 1 Synology | 1 Download Station | 2021-06-10 | 4.0 MEDIUM | 7.7 HIGH |
| Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2020-35970 | 1 Yzmcms | 1 Yzmcms | 2021-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read. | |||||