Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-51408

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Nov, 2024 | 00:00
Updated At-05 Nov, 2024 | 21:26
Rejected At-
Credits

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Nov, 2024 | 00:00
Updated At:05 Nov, 2024 | 21:26
Rejected At:
▼CVE Numbering Authority (CNA)

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.18.5HIGH
CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/appsmithorg/appsmith/pull/29286
N/A
https://github.com/jahithoque/Vulnerability-Research/tree/main/CVE-2024-51408
N/A
https://github.com/appsmithorg/appsmith/releases/tag/v1.46
N/A
Hyperlink: https://github.com/appsmithorg/appsmith/pull/29286
Resource: N/A
Hyperlink: https://github.com/jahithoque/Vulnerability-Research/tree/main/CVE-2024-51408
Resource: N/A
Hyperlink: https://github.com/appsmithorg/appsmith/releases/tag/v1.46
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
appsmith
Product
appsmith
CPEs
  • cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 1.8.3 before 1.46 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918 Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918 Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Nov, 2024 | 14:15
Updated At:06 Nov, 2024 | 22:06

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches

appsmith
appsmith
>>appsmith>>Versions from 1.8.3(inclusive) to 1.46(exclusive)
cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Primarynvd@nist.gov
CWE-918Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-918
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-918
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/appsmithorg/appsmith/pull/29286cve@mitre.org
Issue Tracking
https://github.com/appsmithorg/appsmith/releases/tag/v1.46cve@mitre.org
Release Notes
https://github.com/jahithoque/Vulnerability-Research/tree/main/CVE-2024-51408cve@mitre.org
Exploit
Hyperlink: https://github.com/appsmithorg/appsmith/pull/29286
Source: cve@mitre.org
Resource:
Issue Tracking
Hyperlink: https://github.com/appsmithorg/appsmith/releases/tag/v1.46
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://github.com/jahithoque/Vulnerability-Research/tree/main/CVE-2024-51408
Source: cve@mitre.org
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

130Records found

CVE-2022-4096
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-1.44% / 69.87%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 00:00
Updated-14 Apr, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in appsmithorg/appsmith

Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.

Action-Not Available
Vendor-appsmithappsmithorg
Product-appsmithappsmithorg/appsmith
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-55965
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 34.30%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 00:00
Updated-08 Jul, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys.

Action-Not Available
Vendor-appsmithn/a
Product-appsmithn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-38298
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.62% / 45.18%
||
7 Day CHG~0.00%
Published-12 Sep, 2022 | 21:49
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint.

Action-Not Available
Vendor-appsmithn/a
Product-appsmithn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-49979
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.22% / 12.25%
||
7 Day CHG-0.05%
Published-24 Jun, 2026 | 21:38
Updated-29 Jun, 2026 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses WebClientUtils.IP_CHECK_FILTER, which only applies to Spring WebClient HTTP requests. Additionally, the raw MailException.getMessage() is returned verbatim in the API error response, enabling error-based internal port scanning and service banner enumeration. This vulnerability is fixed in 1.99.

Action-Not Available
Vendor-appsmithappsmithorg
Product-appsmithappsmith
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-43776
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 46.90%
||
7 Day CHG~0.00%
Published-26 Oct, 2022 | 00:00
Updated-07 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.

Action-Not Available
Vendor-metabasen/a
Product-metabaseMetabase
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-9204
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 15.88%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 10:19
Updated-11 Jun, 2026 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources during repository import, due to insufficient validation of secondary URLs.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-21385
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-24.44% / 97.61%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 22:07
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Purview Information Disclosure Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-purviewMicrosoft Purview
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-42343
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-1.36% / 68.43%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 10:00
Updated-23 Apr, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read

Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowscampaignlinux_kernelAdobe Campaign Classic (ACC)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-1521
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.1||HIGH
EPSS-0.55% / 41.77%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 16:45
Updated-07 Aug, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability

PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the slack_incoming_webhook parameter. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25352.

Action-Not Available
Vendor-posthogPostHog
Product-posthogPostHog
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-1522
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.1||HIGH
EPSS-0.52% / 40.13%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 16:45
Updated-07 Aug, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the database_schema method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-25358.

Action-Not Available
Vendor-posthogPostHog
Product-posthogPostHog
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-56663
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.5||HIGH
EPSS-0.22% / 13.00%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 16:04
Updated-26 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. _is_ip_blocked() in backend/backend/util/request.py does not normalize IPv4-mapped IPv6 addresses before checking resolved IPs against the blocked IPv4 ranges, and does not block special-use ranges such as 100.64.0.0/10 (CGNAT, RFC 6598). A hostname that resolves to an IPv4-mapped IPv6 address therefore passes validation and the request reaches the embedded internal IPv4 endpoint. This affects all AutoGPT Platform deployments. This vulnerability is fixed in 0.6.52.

Action-Not Available
Vendor-Significant-Gravitas
Product-AutoGPT
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-40312
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 34.72%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 15:08
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Server Side Request Forgery (SSRF)

Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.

Action-Not Available
Vendor-GiveWP
Product-givewpGiveWP – Donation Plugin and Fundraising Platform
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-13809
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 20.99%
||
7 Day CHG+0.01%
Published-01 Dec, 2025 | 05:32
Updated-04 Dec, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-orionsecorionsec
Product-orion-opsorion-ops
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-39383
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.38% / 29.57%
||
7 Day CHG~0.00%
Published-16 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF vulnerability in KubeVela VelaUX APIServer

KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who're using v1.6, please update the v1.6.1. Users who're using v1.5, please update the v1.5.8. There are no known workarounds for this issue.

Action-Not Available
Vendor-kubevelaThe Linux Foundation
Product-kubevelakubevela
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-10096
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 16.94%
||
7 Day CHG~0.00%
Published-08 Sep, 2025 | 15:32
Updated-14 Nov, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SimStudioAI sim route.ts server-side request forgery

A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.

Action-Not Available
Vendor-simSimStudioAI
Product-simsim
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-58418
Matching Score-4
Assigner-Gitea Limited
ShareView Details
Matching Score-4
Assigner-Gitea Limited
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-03 Jul, 2026 | 20:54
Updated-03 Jul, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF via HTTP Redirect in Repository Migration

SSRF via HTTP Redirect in Repository Migration

Action-Not Available
Vendor-Gitea
Product-Gitea Open Source Git Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-65784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 28.46%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 00:00
Updated-13 Feb, 2026 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request.

Action-Not Available
Vendor-hubertn/a
Product-hubn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-36551
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.09% / 91.32%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF.

Action-Not Available
Vendor-heartexn/a
Product-label_studion/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-25492
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 33.74%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 19:33
Updated-19 Feb, 2026 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save_images_Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a non-image file extension such as .txt is allowed, downstream image validation is bypassed, which can allow an authenticated attacker with permission to use save_images_Asset to retrieve sensitive data such as AWS instance metadata credentials from the underlying host. This issue is patched in versions 4.16.18 and 5.8.22.

Action-Not Available
Vendor-craftcmscraftcms
Product-craft_cmscms
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-37033
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.84% / 53.44%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 00:00
Updated-27 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely.

Action-Not Available
Vendor-n/adotCMS, LLC
Product-dotcmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-8635
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.7||HIGH
EPSS-0.56% / 42.24%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 17:01
Updated-14 Sep, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in GitLab

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-30858
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 27.55%
||
7 Day CHG~0.00%
Published-07 Mar, 2026 | 16:34
Updated-09 Mar, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that resolves to a public IP during validation and subsequently resolves to a private IP during execution, an attacker can access sensitive local services and potentially exfiltrate data. This issue has been patched in version 0.3.0.

Action-Not Available
Vendor-tencentTencent
Product-weknoraWeKnora
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-53827
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.25% / 16.67%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:56
Updated-16 Jun, 2026 | 02:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding

OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by providing malicious loopback targets through model-controlled action metadata.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-53859
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.21% / 11.27%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:05
Updated-17 Jun, 2026 | 22:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency

OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators intended to block through hostname policies.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-1023
Incomplete Comparison with Missing Factors
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-56736
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 41.03%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 15:38
Updated-17 Apr, 2025 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss

Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-Apache HertzBeat
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-48944
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.58% / 43.30%
||
7 Day CHG+0.04%
Published-27 Mar, 2025 | 15:05
Updated-08 May, 2025 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Kylin: SSRF vulnerability in the diagnosis api

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin access to a kylin server; 2) Another internal host has the "/kylin/api/xxx/diag" api endpoint open for service. This issue affects Apache Kylin: from 5.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kylinApache Kylin
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-29848
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.51% / 87.78%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:56
Updated-27 Aug, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.

Action-Not Available
Vendor-n/aProgress Software Corporation
Product-whatsup_goldn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-29942
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 46.05%
||
7 Day CHG+0.01%
Published-04 May, 2022 | 17:26
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.

Action-Not Available
Vendor-talendn/a
Product-administration_centern/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-2756
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.1||HIGH
EPSS-2.30% / 81.18%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 15:15
Updated-03 Aug, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in kareadita/kavita

Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.

Action-Not Available
Vendor-kavitareaderkareadita
Product-kavitakareadita/kavita
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-27234
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.45% / 36.23%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-computer_vision_annotation_toolCVAT software maintained by Intel(R)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-5014
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-7.1||HIGH
EPSS-0.48% / 37.75%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 20:13
Updated-21 Aug, 2024 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form.

Action-Not Available
Vendor-Progress Software Corporation
Product-whatsup_goldWhatsUp Goldwhatsup_gold
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-48052
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 36.91%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 00:00
Updated-13 Jun, 2025 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resources and sensitive information.

Action-Not Available
Vendor-gradio_projectn/agradio_project
Product-gradion/agradio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-26135
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-6.5||MEDIUM
EPSS-71.17% / 99.33%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 05:20
Updated-29 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerjira_service_deskjira_service_managementJira Service Management ServerJira Core ServerJira Service Management Data CenterJira Software ServerJira Software Data Center
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-25777
Matching Score-4
Assigner-Mautic
ShareView Details
Matching Score-4
Assigner-Mautic
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 35.67%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 15:13
Updated-27 Feb, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery in Asset section

Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

Action-Not Available
Vendor-acquiaMautic
Product-mauticMautic
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-24333
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.67% / 47.51%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2010-1637
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.68% / 83.96%
||
7 Day CHG~0.00%
Published-22 Jun, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

Action-Not Available
Vendor-n/aApple Inc.Red Hat, Inc.SquirrelMailFedora Project
Product-enterprise_linux_serverenterprise_linux_workstationmac_os_xenterprise_linux_desktopfedorasquirrelmailmac_os_x_servern/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-43371
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.5||MEDIUM
EPSS-0.34% / 26.53%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 14:47
Updated-23 Aug, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential access to sensitive URLs via CKAN extensions (SSRF)

CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their contents (e.g. pushing to the DataStore, streaming contents or saving a local copy). All of them use the resource URL, and there are currently no checks to limit what URLs can be requested. This means that a malicious (or unaware) user can create a resource with a URL pointing to a place where they should not have access in order for one of the previous tools to retrieve it (known as a Server Side Request Forgery). Users wanting to protect against these kinds of attacks can use one or a combination of the following approaches: (1) Use a separate HTTP proxy like Squid that can be used to allow / disallow IPs, domains etc as needed, and make CKAN extensions aware of this setting via the ckan.download_proxy config option. (2) Implement custom firewall rules to prevent access to restricted resources. (3) Use custom validators on the resource url field to block/allow certain domains or IPs. All latest versions of the plugins listed above support the ckan.download_proxy settings. Support for this setting in the Resource Proxy plugin was included in CKAN 2.10.5 and 2.11.0.

Action-Not Available
Vendor-okfnckan
Product-ckanckan
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-14476
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.83% / 53.08%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 16:50
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems.

Action-Not Available
Vendor-adremsoftn/a
Product-netcrunchn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-23071
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-6.5||MEDIUM
EPSS-0.94% / 56.49%
||
7 Day CHG~0.00%
Published-19 Jun, 2022 | 10:15
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Recipes - SSRF on Import

In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information.

Action-Not Available
Vendor-tandoorrecipes
Product-recipesrecipes
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-38206
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-12.34% / 95.70%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 21:38
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Copilot Studio Information Disclosure Vulnerability

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-copilot_studioMicrosoft Copilot Studio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-36414
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.36% / 28.22%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 19:40
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SuiteCRM authenticated Server-Side Request Forgery

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Action-Not Available
Vendor-SalesAgility Ltd.
Product-suitecrmSuiteCRM
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-54033
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.21% / 10.88%
||
7 Day CHG+0.01%
Published-25 Jun, 2026 | 15:50
Updated-29 Jun, 2026 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme restriction, no DNS pinning. An authenticated user can set baseURL to internal network addresses. This vulnerability is fixed in 0.8.4-rc1.

Action-Not Available
Vendor-librechatdanny-avila
Product-librechatLibreChat
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-34361
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-2.83% / 84.89%
||
7 Day CHG~0.00%
Published-05 Jul, 2024 | 18:30
Updated-02 Oct, 2025 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE)

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.

Action-Not Available
Vendor-pi-holepi-holepi-hole
Product-pi-holepi-holepi-hole
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-20951
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-1.87% / 76.82%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:26
Updated-25 Oct, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]]

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-broadworks_messaging_serverCisco BroadWorks
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-24888
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.4||MEDIUM
EPSS-0.34% / 25.62%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 18:16
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.25 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.25.

Action-Not Available
Vendor-Kadence WPThe Events Calendar (StellarWP)
Product-gutenberg_blocks_with_aiGutenberg Blocks by Kadence Blocks
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-23500
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.7||HIGH
EPSS-0.51% / 39.43%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 05:54
Updated-11 May, 2026 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kadence Blocks plugin <= 3.2.19 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.19.

Action-Not Available
Vendor-Kadence WPThe Events Calendar (StellarWP)
Product-gutenberg_blocks_with_aiGutenberg Blocks by Kadence Blocks
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-22134
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.28% / 19.54%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 11:39
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 Extension For Mailchimp Plugin <= 0.5.70 is vulnerable to Server Side Request Forgery (SSRF)

Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.

Action-Not Available
Vendor-renzojohnsonRenzo Johnson
Product-contact_form_7_extension_for_mailchimpContact Form 7 Extension For Mailchimp
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-1398
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-2.88% / 85.13%
||
7 Day CHG~0.00%
Published-16 May, 2022 | 14:30
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
External Media without Import <= 1.1.2 - Subscriber+ Blind SSRF

The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks

Action-Not Available
Vendor-external_media_without_import_projectUnknown
Product-external_media_without_importExternal Media without Import
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-22217
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 25.97%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-24 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on.

Action-Not Available
Vendor-terminalfourn/a
Product-terminalfourn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-0601
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.48% / 38.09%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 21:31
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZhongFuCheng3y Austin Email Message Template AustinFileUtils.java getRemoteUrl2File server-side request forgery

A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250838 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-zhongfucheng3yZhongFuCheng3y
Product-austinAustin
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found