Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39241 | 1 Discourse | 1 Discourse | 2022-11-04 | N/A | 4.9 MEDIUM |
| Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are now patched. As a workaround, self-hosters can use `DISCOURSE_BLOCKED_IP_BLOCKS` env var (which overrides `blocked_ip_blocks` setting) to stop webhooks from accessing private IPs. | |||||
| CVE-2022-39276 | 1 Glpi-project | 1 Glpi | 2022-11-03 | N/A | 5.3 MEDIUM |
| GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator. This issue has been patched, please upgrade to 10.0.4. There are currently no known workarounds. | |||||
| CVE-2022-3708 | 1 Google | 1 Web Stories | 2022-11-03 | N/A | 8.1 HIGH |
| The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2022-40296 | 1 Phppointofsale | 1 Php Point Of Sale | 2022-11-02 | N/A | 9.8 CRITICAL |
| The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. | |||||
| CVE-2022-36451 | 1 Mitel | 1 Micollab | 2022-10-28 | N/A | 8.8 HIGH |
| A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. | |||||
| CVE-2022-43776 | 1 Metabase | 1 Metabase | 2022-10-28 | N/A | 6.5 MEDIUM |
| The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects. | |||||
| CVE-2022-3247 | 1 Adenion | 1 Blog2social | 2022-10-27 | N/A | 6.5 MEDIUM |
| The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks | |||||
| CVE-2022-27622 | 1 Synology | 1 Diskstation Manager | 2022-10-26 | N/A | 4.3 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors. | |||||
| CVE-2022-38580 | 1 Zalando | 1 Skipper | 2022-10-25 | N/A | 9.8 CRITICAL |
| Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). | |||||
| CVE-2021-25640 | 1 Apache | 1 Dubbo | 2022-10-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. | |||||
| CVE-2022-42149 | 1 Keking | 1 Kkfileview | 2022-10-20 | N/A | 9.8 CRITICAL |
| kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java. | |||||
| CVE-2022-39055 | 1 Changingtec | 1 Rava Certificate Validation System | 2022-10-20 | N/A | 5.3 MEDIUM |
| RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response. | |||||
| CVE-2022-41477 | 1 Webidsupport | 1 Webid | 2022-10-20 | N/A | 9.1 CRITICAL |
| A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. | |||||
| CVE-2022-36802 | 1 Atlassian | 1 Jira Align | 2022-10-17 | N/A | 4.9 MEDIUM |
| The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request. | |||||
| CVE-2022-41497 | 1 Clippercms | 1 Clippercms | 2022-10-14 | N/A | 9.8 CRITICAL |
| ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. | |||||
| CVE-2022-41496 | 1 Idreamsoft | 1 Icms | 2022-10-14 | N/A | 9.8 CRITICAL |
| iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. | |||||
| CVE-2022-41495 | 1 Clippercms | 1 Clippercms | 2022-10-14 | N/A | 9.8 CRITICAL |
| ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. | |||||
| CVE-2022-29612 | 1 Sap | 2 Host Agent, Netweaver Abap | 2022-10-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application. | |||||
| CVE-2022-2352 | 1 Wpexperts | 1 Post Smtp | 2022-10-05 | N/A | 7.2 HIGH |
| The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example. | |||||
| CVE-2020-6275 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 6.8 MEDIUM | 9.8 CRITICAL |
| SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database. | |||||