Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-24815

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 Nov, 2020 | 16:48
Updated At-04 Aug, 2024 | 15:19
Rejected At-
Credits

A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 Nov, 2020 | 16:48
Updated At:04 Aug, 2024 | 15:19
Rejected At:
▼CVE Numbering Authority (CNA)

A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://microstrategy.com
x_refsource_MISC
https://triskelelabs.com/extracting-your-aws-access-keys-through-a-pdf-file/
x_refsource_MISC
https://community.microstrategy.com/s/article/Securing-PDF-and-Excel-Export-with-Whitelists?language=en_US
x_refsource_MISC
Hyperlink: http://microstrategy.com
Resource:
x_refsource_MISC
Hyperlink: https://triskelelabs.com/extracting-your-aws-access-keys-through-a-pdf-file/
Resource:
x_refsource_MISC
Hyperlink: https://community.microstrategy.com/s/article/Securing-PDF-and-Excel-Export-with-Whitelists?language=en_US
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://microstrategy.com
x_refsource_MISC
x_transferred
https://triskelelabs.com/extracting-your-aws-access-keys-through-a-pdf-file/
x_refsource_MISC
x_transferred
https://community.microstrategy.com/s/article/Securing-PDF-and-Excel-Export-with-Whitelists?language=en_US
x_refsource_MISC
x_transferred
Hyperlink: http://microstrategy.com
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://triskelelabs.com/extracting-your-aws-access-keys-through-a-pdf-file/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://community.microstrategy.com/s/article/Securing-PDF-and-Excel-Export-with-Whitelists?language=en_US
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:24 Nov, 2020 | 17:15
Updated At:02 Dec, 2020 | 16:52

A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches

microstrategy
microstrategy
>>microstrategy>>10.4
cpe:2.3:a:microstrategy:microstrategy:10.4:*:*:*:*:*:*:*
microstrategy
microstrategy
>>microstrategy>>2019
cpe:2.3:a:microstrategy:microstrategy:2019:update1:*:*:*:*:*:*
microstrategy
microstrategy
>>microstrategy>>2019
cpe:2.3:a:microstrategy:microstrategy:2019:update2:*:*:*:*:*:*
microstrategy
microstrategy
>>microstrategy>>2019
cpe:2.3:a:microstrategy:microstrategy:2019:update3:*:*:*:*:*:*
microstrategy
microstrategy
>>microstrategy>>2019
cpe:2.3:a:microstrategy:microstrategy:2019:update4:*:*:*:*:*:*
microstrategy
microstrategy
>>microstrategy>>2019
cpe:2.3:a:microstrategy:microstrategy:2019:update5:*:*:*:*:*:*
microstrategy
microstrategy
>>microstrategy>>2020
cpe:2.3:a:microstrategy:microstrategy:2020:update1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Primarynvd@nist.gov
CWE ID: CWE-918
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://microstrategy.comcve@mitre.org
Vendor Advisory
https://community.microstrategy.com/s/article/Securing-PDF-and-Excel-Export-with-Whitelists?language=en_UScve@mitre.org
Vendor Advisory
https://triskelelabs.com/extracting-your-aws-access-keys-through-a-pdf-file/cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: http://microstrategy.com
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://community.microstrategy.com/s/article/Securing-PDF-and-Excel-Export-with-Whitelists?language=en_US
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://triskelelabs.com/extracting-your-aws-access-keys-through-a-pdf-file/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

201Records found

CVE-2020-11452
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.21% / 64.88%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 15:02
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper.

Action-Not Available
Vendor-microstrategyn/a
Product-microstrategy_webn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2018-18777
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-19.55% / 97.05%
||
7 Day CHG~0.00%
Published-01 Nov, 2018 | 17:00
Updated-05 Aug, 2024 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.

Action-Not Available
Vendor-microstrategyn/a
Product-microstrategy_webn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-22983
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.31% / 81.27%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 12:31
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.

Action-Not Available
Vendor-microstrategyn/a
Product-microstrategy_webn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-11453
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.73% / 84.30%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 15:03
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reproduce the issue reported in any version of its product

Action-Not Available
Vendor-microstrategyn/a
Product-microstrategy_webn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-43776
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 46.90%
||
7 Day CHG~0.00%
Published-26 Oct, 2022 | 00:00
Updated-07 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.

Action-Not Available
Vendor-metabasen/a
Product-metabaseMetabase
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-9204
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 15.88%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 10:19
Updated-11 Jun, 2026 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources during repository import, due to insufficient validation of secondary URLs.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-21385
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-24.44% / 97.61%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 22:07
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Purview Information Disclosure Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-purviewMicrosoft Purview
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-42343
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-1.36% / 68.43%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 10:00
Updated-23 Apr, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read

Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowscampaignlinux_kernelAdobe Campaign Classic (ACC)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-2116
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 29.71%
||
7 Day CHG~0.00%
Published-09 Mar, 2025 | 06:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System File Protocol imageProxy.do server-side request forgery

A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /newsedit/newsedit/xy/imageProxy.do of the component File Protocol Handler. The manipulation of the argument xyImgUrl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Beijing Founder Electronics
Product-Founder Enjoys All-Media Acquisition and Editing System
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-1521
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.1||HIGH
EPSS-0.55% / 41.77%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 16:45
Updated-07 Aug, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability

PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the slack_incoming_webhook parameter. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25352.

Action-Not Available
Vendor-posthogPostHog
Product-posthogPostHog
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-1522
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.1||HIGH
EPSS-0.52% / 40.13%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 16:45
Updated-07 Aug, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the database_schema method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-25358.

Action-Not Available
Vendor-posthogPostHog
Product-posthogPostHog
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-15002
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.59% / 72.69%
||
7 Day CHG~0.00%
Published-23 Oct, 2020 | 04:51
Updated-04 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.

Action-Not Available
Vendor-n/aOpen-Xchange AG
Product-open-xchange_appsuiten/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-40312
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 34.72%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 15:08
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Server Side Request Forgery (SSRF)

Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.

Action-Not Available
Vendor-GiveWP
Product-givewpGiveWP – Donation Plugin and Fundraising Platform
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-1447
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 25.72%
||
7 Day CHG~0.00%
Published-19 Feb, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kasuganosoras Pigeon index.php server-side request forgery

A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Upgrading to version 1.0.181 is able to address this issue. The patch is identified as 84cea5fe73141689da2e7ec8676d47435bd6423e. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-kasuganosoras
Product-Pigeon
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-4096
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-1.44% / 69.87%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 00:00
Updated-14 Apr, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in appsmithorg/appsmith

Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.

Action-Not Available
Vendor-appsmithappsmithorg
Product-appsmithappsmithorg/appsmith
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-13809
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 20.99%
||
7 Day CHG+0.01%
Published-01 Dec, 2025 | 05:32
Updated-04 Dec, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-orionsecorionsec
Product-orion-opsorion-ops
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-39383
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.38% / 29.57%
||
7 Day CHG~0.00%
Published-16 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF vulnerability in KubeVela VelaUX APIServer

KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who're using v1.6, please update the v1.6.1. Users who're using v1.5, please update the v1.5.8. There are no known workarounds for this issue.

Action-Not Available
Vendor-kubevelaThe Linux Foundation
Product-kubevelakubevela
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-10096
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 16.94%
||
7 Day CHG~0.00%
Published-08 Sep, 2025 | 15:32
Updated-14 Nov, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SimStudioAI sim route.ts server-side request forgery

A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.

Action-Not Available
Vendor-simSimStudioAI
Product-simsim
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-0480
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.48% / 37.83%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 17:31
Updated-13 May, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wuzhicms config.php test server-side request forgery

A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-wuzhicmsn/a
Product-wuzhicmswuzhicms
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-58418
Matching Score-4
Assigner-Gitea Limited
ShareView Details
Matching Score-4
Assigner-Gitea Limited
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-03 Jul, 2026 | 20:54
Updated-03 Jul, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF via HTTP Redirect in Repository Migration

SSRF via HTTP Redirect in Repository Migration

Action-Not Available
Vendor-Gitea
Product-Gitea Open Source Git Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-65784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 28.46%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 00:00
Updated-13 Feb, 2026 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request.

Action-Not Available
Vendor-hubertn/a
Product-hubn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-36551
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.09% / 91.32%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF.

Action-Not Available
Vendor-heartexn/a
Product-label_studion/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-25492
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 33.74%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 19:33
Updated-19 Feb, 2026 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save_images_Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a non-image file extension such as .txt is allowed, downstream image validation is bypassed, which can allow an authenticated attacker with permission to use save_images_Asset to retrieve sensitive data such as AWS instance metadata credentials from the underlying host. This issue is patched in versions 4.16.18 and 5.8.22.

Action-Not Available
Vendor-craftcmscraftcms
Product-craft_cmscms
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-37033
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.84% / 53.44%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 00:00
Updated-27 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely.

Action-Not Available
Vendor-n/adotCMS, LLC
Product-dotcmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-8635
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.7||HIGH
EPSS-0.56% / 42.24%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 17:01
Updated-14 Sep, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in GitLab

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-30858
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 27.55%
||
7 Day CHG~0.00%
Published-07 Mar, 2026 | 16:34
Updated-09 Mar, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that resolves to a public IP during validation and subsequently resolves to a private IP during execution, an attacker can access sensitive local services and potentially exfiltrate data. This issue has been patched in version 0.3.0.

Action-Not Available
Vendor-tencentTencent
Product-weknoraWeKnora
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-53827
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.25% / 16.67%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:56
Updated-16 Jun, 2026 | 02:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding

OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by providing malicious loopback targets through model-controlled action metadata.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-34011
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 40.73%
||
7 Day CHG~0.00%
Published-23 Jun, 2022 | 12:45
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.

Action-Not Available
Vendor-zhydn/a
Product-oneblogn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-34013
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 40.73%
||
7 Day CHG~0.00%
Published-23 Jun, 2022 | 12:45
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.

Action-Not Available
Vendor-zhydn/a
Product-oneblogn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-53859
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.21% / 11.27%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-17 Jun, 2026 | 22:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency

OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-1023
Incomplete Comparison with Missing Factors
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-56736
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 41.03%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 15:38
Updated-17 Apr, 2025 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss

Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-Apache HertzBeat
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-48944
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.58% / 43.30%
||
7 Day CHG+0.04%
Published-27 Mar, 2025 | 15:05
Updated-08 May, 2025 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Kylin: SSRF vulnerability in the diagnosis api

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin access to a kylin server; 2) Another internal host has the "/kylin/api/xxx/diag" api endpoint open for service. This issue affects Apache Kylin: from 5.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kylinApache Kylin
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-7616
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-4.9||MEDIUM
EPSS-2.14% / 79.78%
||
7 Day CHG~0.00%
Published-30 Jul, 2019 | 21:15
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system.

Action-Not Available
Vendor-Elasticsearch BV
Product-kibanaKibana
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-7652
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.7||HIGH
EPSS-5.16% / 91.41%
||
7 Day CHG~0.00%
Published-09 May, 2019 | 20:48
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts.

Action-Not Available
Vendor-thehive-projectn/a
Product-cortex-analyzersn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-29848
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.51% / 87.78%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:56
Updated-27 Aug, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.

Action-Not Available
Vendor-n/aProgress Software Corporation
Product-whatsup_goldn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-29942
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 46.05%
||
7 Day CHG+0.01%
Published-04 May, 2022 | 17:26
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.

Action-Not Available
Vendor-talendn/a
Product-administration_centern/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-15033
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.7||HIGH
EPSS-1.33% / 67.67%
||
7 Day CHG~0.00%
Published-19 Sep, 2019 | 16:12
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.

Action-Not Available
Vendor-pydion/a
Product-pydion/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-2756
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.1||HIGH
EPSS-2.30% / 81.18%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 15:15
Updated-03 Aug, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in kareadita/kavita

Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.

Action-Not Available
Vendor-kavitareaderkareadita
Product-kavitakareadita/kavita
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-27234
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.45% / 36.23%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-computer_vision_annotation_toolCVAT software maintained by Intel(R)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-51408
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.5||HIGH
EPSS-0.47% / 37.46%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 00:00
Updated-06 Nov, 2024 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.

Action-Not Available
Vendor-appsmithn/aappsmith
Product-appsmithn/aappsmith
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-5014
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-7.1||HIGH
EPSS-0.48% / 37.75%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 20:13
Updated-21 Aug, 2024 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form.

Action-Not Available
Vendor-Progress Software Corporation
Product-whatsup_goldWhatsUp Goldwhatsup_gold
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-48052
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 36.91%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 00:00
Updated-13 Jun, 2025 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resources and sensitive information.

Action-Not Available
Vendor-gradio_projectn/agradio_project
Product-gradion/agradio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-26135
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-6.5||MEDIUM
EPSS-71.17% / 99.33%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 05:20
Updated-29 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerjira_service_deskjira_service_managementJira Service Management ServerJira Core ServerJira Service Management Data CenterJira Software ServerJira Software Data Center
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-24862
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.97% / 57.56%
||
7 Day CHG~0.00%
Published-20 Apr, 2022 | 18:20
Updated-22 Apr, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery in Databasir

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Attackers can take advantage of this feature for SSRF.

Action-Not Available
Vendor-databasir_projectvran-dev
Product-databasirdatabasir
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-25777
Matching Score-4
Assigner-Mautic
ShareView Details
Matching Score-4
Assigner-Mautic
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 35.67%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 15:13
Updated-27 Feb, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery in Asset section

Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

Action-Not Available
Vendor-acquiaMautic
Product-mauticMautic
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-24333
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.67% / 47.51%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2010-1637
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.68% / 83.96%
||
7 Day CHG~0.00%
Published-22 Jun, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

Action-Not Available
Vendor-n/aApple Inc.Red Hat, Inc.SquirrelMailFedora Project
Product-enterprise_linux_serverenterprise_linux_workstationmac_os_xenterprise_linux_desktopfedorasquirrelmailmac_os_x_servern/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-23668
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 55.11%
||
7 Day CHG~0.00%
Published-16 May, 2022 | 20:04
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manage that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-43371
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.5||MEDIUM
EPSS-0.34% / 26.53%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 14:47
Updated-23 Aug, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential access to sensitive URLs via CKAN extensions (SSRF)

CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their contents (e.g. pushing to the DataStore, streaming contents or saving a local copy). All of them use the resource URL, and there are currently no checks to limit what URLs can be requested. This means that a malicious (or unaware) user can create a resource with a URL pointing to a place where they should not have access in order for one of the previous tools to retrieve it (known as a Server Side Request Forgery). Users wanting to protect against these kinds of attacks can use one or a combination of the following approaches: (1) Use a separate HTTP proxy like Squid that can be used to allow / disallow IPs, domains etc as needed, and make CKAN extensions aware of this setting via the ckan.download_proxy config option. (2) Implement custom firewall rules to prevent access to restricted resources. (3) Use custom validators on the resource url field to block/allow certain domains or IPs. All latest versions of the plugins listed above support the ckan.download_proxy settings. Support for this setting in the Resource Proxy plugin was included in CKAN 2.10.5 and 2.11.0.

Action-Not Available
Vendor-okfnckan
Product-ckanckan
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-14476
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.83% / 53.08%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 16:50
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems.

Action-Not Available
Vendor-adremsoftn/a
Product-netcrunchn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found