Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26072 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2022-07-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2022-22416 | 1 Ibm | 2 Partner Engagement Manager, Partner Engagement Manager On Cloud\/saas | 2022-07-27 | N/A | 5.4 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126. | |||||
| CVE-2019-0227 | 2 Apache, Oracle | 37 Axis, Agile Engineering Data Management, Agile Product Lifecycle Management Framework and 34 more | 2022-07-25 | 5.4 MEDIUM | 7.5 HIGH |
| A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. | |||||
| CVE-2020-11987 | 3 Apache, Fedoraproject, Oracle | 18 Batik, Fedora, Banking Apis and 15 more | 2022-07-25 | 6.4 MEDIUM | 8.2 HIGH |
| Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. | |||||
| CVE-2022-25800 | 1 Bestpractical | 1 Request Tracker For Incident Response | 2022-07-21 | N/A | 9.1 CRITICAL |
| Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool. | |||||
| CVE-2022-22982 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2022-07-20 | N/A | 7.5 HIGH |
| The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. | |||||
| CVE-2022-25801 | 1 Bestpractical | 1 Request Tracker For Incident Response | 2022-07-20 | N/A | 9.1 CRITICAL |
| Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools. | |||||
| CVE-2022-2339 | 1 Xgenecloud | 1 Nocodb | 2022-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information. | |||||
| CVE-2022-25876 | 1 Link-preview-js Project | 1 Link-preview-js | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection. | |||||
| CVE-2021-27214 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. | |||||
| CVE-2021-45968 | 2 Jivesoftware, Pascom | 2 Jive, Cloud Phone System | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394. | |||||
| CVE-2021-34473 | 1 Microsoft | 1 Exchange Server | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. | |||||
| CVE-2021-26855 | 1 Microsoft | 1 Exchange Server | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. | |||||
| CVE-2021-22986 | 1 F5 | 15 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 12 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-45394 | 1 Html2pdf Project | 1 Html2pdf | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document. | |||||
| CVE-2017-20106 | 1 Khoros | 1 Lithium Forum | 2022-07-07 | 3.6 LOW | 4.4 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-0085 | 1 Dompdf Project | 1 Dompdf | 2022-07-07 | 4.3 MEDIUM | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. | |||||
| CVE-2022-32995 | 1 Halo | 1 Halo | 2022-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | |||||
| CVE-2022-2216 | 1 Parse-url Project | 1 Parse-url | 2022-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. | |||||
| CVE-2022-1977 | 1 Smackcoders | 1 Download Import All Xml\, Csv \& Txt Into Wordpress | 2022-07-06 | 6.0 MEDIUM | 7.2 HIGH |
| The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks | |||||