Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-918
Total 774 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26072 1 Atlassian 2 Confluence Data Center, Confluence Server 2022-07-27 4.0 MEDIUM 4.3 MEDIUM
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.
CVE-2022-22416 1 Ibm 2 Partner Engagement Manager, Partner Engagement Manager On Cloud\/saas 2022-07-27 N/A 5.4 MEDIUM
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126.
CVE-2019-0227 2 Apache, Oracle 37 Axis, Agile Engineering Data Management, Agile Product Lifecycle Management Framework and 34 more 2022-07-25 5.4 MEDIUM 7.5 HIGH
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
CVE-2020-11987 3 Apache, Fedoraproject, Oracle 18 Batik, Fedora, Banking Apis and 15 more 2022-07-25 6.4 MEDIUM 8.2 HIGH
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
CVE-2022-25800 1 Bestpractical 1 Request Tracker For Incident Response 2022-07-21 N/A 9.1 CRITICAL
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool.
CVE-2022-22982 1 Vmware 2 Cloud Foundation, Vcenter Server 2022-07-20 N/A 7.5 HIGH
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
CVE-2022-25801 1 Bestpractical 1 Request Tracker For Incident Response 2022-07-20 N/A 9.1 CRITICAL
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.
CVE-2022-2339 1 Xgenecloud 1 Nocodb 2022-07-14 5.0 MEDIUM 7.5 HIGH
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.
CVE-2022-25876 1 Link-preview-js Project 1 Link-preview-js 2022-07-12 2.1 LOW 5.5 MEDIUM
The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.
CVE-2021-27214 1 Zohocorp 1 Manageengine Adselfservice Plus 2022-07-12 4.3 MEDIUM 6.1 MEDIUM
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
CVE-2021-45968 2 Jivesoftware, Pascom 2 Jive, Cloud Phone System 2022-07-12 5.0 MEDIUM 7.5 HIGH
An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.
CVE-2021-34473 1 Microsoft 1 Exchange Server 2022-07-12 10.0 HIGH 9.8 CRITICAL
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
CVE-2021-26855 1 Microsoft 1 Exchange Server 2022-07-12 7.5 HIGH 9.8 CRITICAL
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
CVE-2021-22986 1 F5 15 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 12 more 2022-07-12 10.0 HIGH 9.8 CRITICAL
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
CVE-2021-45394 1 Html2pdf Project 1 Html2pdf 2022-07-12 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document.
CVE-2017-20106 1 Khoros 1 Lithium Forum 2022-07-07 3.6 LOW 4.4 MEDIUM
A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2022-0085 1 Dompdf Project 1 Dompdf 2022-07-07 4.3 MEDIUM 5.3 MEDIUM
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.
CVE-2022-32995 1 Halo 1 Halo 2022-07-06 7.5 HIGH 9.8 CRITICAL
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
CVE-2022-2216 1 Parse-url Project 1 Parse-url 2022-07-06 7.5 HIGH 9.8 CRITICAL
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.
CVE-2022-1977 1 Smackcoders 1 Download Import All Xml\, Csv \& Txt Into Wordpress 2022-07-06 6.0 MEDIUM 7.2 HIGH
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks