Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-32210

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-23 Apr, 2026 | 21:35
Updated At-30 Apr, 2026 | 14:40
Rejected At-
Credits

Microsoft Dynamics 365 (online) Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:23 Apr, 2026 | 21:35
Updated At:30 Apr, 2026 | 14:40
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft Dynamics 365 (online) Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Dynamics 365 (online)
Versions
Affected
  • -
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918: Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918: Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
3.19.3CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
Version: 3.1
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32210
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32210
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:23 Apr, 2026 | 22:16
Updated At:05 May, 2026 | 14:10

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.3CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
Microsoft Corporation
microsoft
>>dynamics_365>>-
cpe:2.3:a:microsoft:dynamics_365:-:*:*:*:online:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Primarysecure@microsoft.com
CWE ID: CWE-918
Type: Primary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32210secure@microsoft.com
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32210
Source: secure@microsoft.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

159Records found
CVE-2022-34689
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-13.20% / 94.17%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CryptoAPI Spoofing Vulnerability

Windows CryptoAPI Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2022-41716
Matching Score-8
Assigner-Go Project
ShareView Details
Matching Score-8
Assigner-Go Project
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 2.33%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 15:28
Updated-30 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsanitized NUL in environment variables on Windows in syscall and os/exec

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".

Action-Not Available
Vendor-Go standard libraryGoMicrosoft Corporation
Product-gowindowssyscallos/exec
CVE-2025-47866
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.70%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 17:42
Updated-08 Sep, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_centralwindowsTrend Micro Apex Central
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-475
Undefined Behavior for Input to API
CVE-2025-3942
Matching Score-8
Assigner-Honeywell International Inc.
ShareView Details
Matching Score-8
Assigner-Honeywell International Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.63%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 12:40
Updated-04 Jun, 2025 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Output Neutralization for Logs

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Action-Not Available
Vendor-tridiumTridiumMicrosoft CorporationBlackBerry LimitedLinux Kernel Organization, Inc
Product-niagara_enterprise_securityqnxwindowslinux_kernelniagaraNiagara FrameworkNiagara Enterprise Security
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-117
Improper Output Neutralization for Logs
CVE-2020-3927
Matching Score-8
Assigner-TWCERT/CC
ShareView Details
Matching Score-8
Assigner-TWCERT/CC
CVSS Score-8.3||HIGH
EPSS-0.41% / 61.42%
||
7 Day CHG~0.00%
Published-03 Feb, 2020 | 11:00
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ServiSign Windows Versions- Arbitrary File Deletion

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.

Action-Not Available
Vendor-changingtecCHANGINGMicrosoft Corporation
Product-windowsservisignServiSign Windows versions
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2026-35431
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.09% / 25.79%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 21:37
Updated-30 Apr, 2026 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Entra ID Entitlement Management Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-entra_idMicrosoft Entra
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-33107
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.06% / 18.82%
||
7 Day CHG+0.01%
Published-02 Apr, 2026 | 23:26
Updated-30 Apr, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Databricks Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_databricksAzure Databricks
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-32169
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.10% / 27.76%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:06
Updated-14 Apr, 2026 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Cloud Shell Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_cloud_shellAzure Cloud Shell
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-14912
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.72%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:13
Updated-26 Mar, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable to server-side request forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4365
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.42%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-0539
Matching Score-6
Assigner-Octopus Deploy
ShareView Details
Matching Score-6
Assigner-Octopus Deploy
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.16%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 05:20
Updated-02 Jul, 2025 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself.

Action-Not Available
Vendor-Octopus Deploy Pty. Ltd.Microsoft Corporation
Product-windowsoctopus_serverOctopus Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26135
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.05% / 16.50%
||
7 Day CHG+0.01%
Published-02 Apr, 2026 | 23:26
Updated-30 Apr, 2026 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_custom_locations_resource_providerAzure Custom Locations Resource Provider
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26138
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.6||HIGH
EPSS-0.10% / 27.11%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:06
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-purviewMicrosoft Purview
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26121
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.39%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:05
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure IOT Explorer Spoofing Vulnerability

Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_iot_explorerAzure IoT Explorer
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26150
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.6||HIGH
EPSS-0.09% / 25.15%
||
7 Day CHG+0.01%
Published-23 Apr, 2026 | 21:37
Updated-30 Apr, 2026 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Purview eDiscovery Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-purview_ediscoveryMicrosoft Purview eDiscovery
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26139
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.6||HIGH
EPSS-0.10% / 26.35%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:06
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-purviewMicrosoft Purview
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-35712
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 54.30%
||
7 Day CHG~0.00%
Published-25 Dec, 2020 | 23:46
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.

Action-Not Available
Vendor-n/aEnvironmental Systems Research Institute, Inc. ("Esri")Microsoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kernelarcgis_servern/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26118
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.46%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:05
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure MCP Server Tools Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_mcp_serverAzure MCP Server Tools 1.0.0 (NuGet)Azure MCP Server Tools 2.0.0 (npm)Azure MCP Server Tools 2.0.0 (PyPi)Azure MCP Server Tools 1.0.0 (npm)Azure MCP Server Tools 2.0.0 (NuGet)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-26137
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.04% / 10.97%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:06
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilot_chatMicrosoft Exchange Online
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-27018
Matching Score-6
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-6
Assigner-Trend Micro, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.12%
||
7 Day CHG~0.00%
Published-09 Nov, 2020 | 23:10
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsinterscan_messaging_security_virtual_applianceTrend Micro InterScan Messaging Security Virtual Appliance (IMSVA)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-20958
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.32%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:57
Updated-01 Apr, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Information Disclosure Vulnerability

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-21512
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.13%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-10 Apr, 2026 | 13:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure DevOps Server Cross-Site Scripting Vulnerability

Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_devops_serverAzure DevOps Server 2022
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-1015
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 8.72%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:41
Updated-26 Mar, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable to server-side request forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-41763
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-16.50% / 94.92%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-28 Oct, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-31||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Skype for Business Elevation of Privilege Vulnerability

Skype for Business Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-skype_for_business_serverSkype for Business Server 2019 CU7Skype for Business Server 2015 CU13Skype for Business
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-43394
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.44%
||
7 Day CHG+0.09%
Published-10 Jul, 2025 | 16:56
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: SSRF on Windows due to UNC paths

Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via  mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note:  The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. The server offers limited protection against administrators directing the server to open UNC paths. Windows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-http_serverwindowsApache HTTP Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-32186
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.06% / 18.82%
||
7 Day CHG+0.01%
Published-03 Apr, 2026 | 17:22
Updated-30 Apr, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Bing Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-bingMicrosoft Bing
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-40898
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-0.73% / 72.85%
||
7 Day CHG+0.19%
Published-18 Jul, 2024 | 09:32
Updated-13 Sep, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. 

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-http_serverwindowsApache HTTP Serverapache_http_server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-64663
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.08% / 24.14%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 22:02
Updated-16 Apr, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Custom Question Answering Elevation of Privilege Vulnerability

Custom Question Answering Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_languageAzure Cognitive Service for Language
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-38109
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-3.94% / 88.38%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Health Bot Elevation of Privilege Vulnerability

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_health_botAzure Health Bot
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-32052
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.51% / 66.25%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-28 Feb, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Power Apps (online) Spoofing Vulnerability

Microsoft Power Apps (online) Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-power_appsMicrosoft Power Apps
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-33864
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.64%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 13:30
Updated-28 Apr, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript.

Action-Not Available
Vendor-linqin/alinqiMicrosoft Corporation
Product-linqiwindowsn/alinqi
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-32987
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.74% / 88.06%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-10 Feb, 2026 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-62207
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.6||HIGH
EPSS-0.12% / 29.76%
||
7 Day CHG+0.02%
Published-20 Nov, 2025 | 22:18
Updated-26 Feb, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Monitor Elevation of Privilege Vulnerability

Azure Monitor Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_monitorAzure Monitor Control Service
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-29260
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.51%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 01:17
Updated-28 Oct, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Express for UNIX server-side request forgery

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_connect\solarislinux_kernelwindowsaixSterling Connect:Express for UNIXsterling_connect\
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-59503
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.20% / 41.28%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 21:18
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Compute Resource Provider Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_compute_resource_providerAzure Compute Resource Provider
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-28288
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-9.09% / 92.69%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-28 Feb, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-4741
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 54.87%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 16:10
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowscontent_navigatorlinux_kernelContent Navigator
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-24954
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.28% / 84.77%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:03
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2sharepoint_serverwindows_10_22h2windows_server_2022sharepoint_enterprise_serverwindows_10_20h2windows_11_22h2windows_10_1607Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-21761
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-13.07% / 94.13%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Information Disclosure Vulnerability

Microsoft Exchange Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 11Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 12
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-53767
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.47% / 64.45%
||
7 Day CHG+0.27%
Published-07 Aug, 2025 | 21:01
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure OpenAI Elevation of Privilege Vulnerability

Azure OpenAI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_openaiAzure Open AI
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-53760
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.64% / 70.73%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-52453
Matching Score-6
Assigner-Salesforce, Inc.
ShareView Details
Matching Score-6
Assigner-Salesforce, Inc.
CVSS Score-8.2||HIGH
EPSS-0.05% / 14.86%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 19:05
Updated-31 Oct, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Action-Not Available
Vendor-tableauSalesforceLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowstableau_serverTableau Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-1561
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.68%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:10
Updated-30 Mar, 2026 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server Liberty Server-Side Request Forgery

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-windowswebsphere_application_serveraixz\/osmacosilinux_kernelWebSphere Application Server Liberty
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-34473
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-94.19% / 99.92%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-29 Oct, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 9Microsoft Exchange Server 2019 Cumulative Update 8Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2016 Cumulative Update 20Exchange Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-38206
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-2.40% / 85.14%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 21:38
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Copilot Studio Information Disclosure Vulnerability

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-copilot_studioMicrosoft Copilot Studio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-34425
Matching Score-6
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-6
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.25% / 48.13%
||
7 Day CHG~0.00%
Published-14 Dec, 2021 | 19:25
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Side Request Forgery in Zoom Client for Meetings chat

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat\'s "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly.

Action-Not Available
Vendor-Google LLCApple Inc.Microsoft CorporationZoom Communications, Inc.Linux Kernel Organization, Inc
Product-iphone_oslinux_kernelandroidmeetingswindowsmacosZoom Client for Meetings for WindowsZoom Client for Meetings for macOSZoom Client for Meetings for LinuxZoom Client for Meetings for iOSZoom Client for Meetings for Android
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-38183
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.97% / 88.43%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 18:15
Updated-31 Dec, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GroupMe Elevation of Privilege Vulnerability

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-groupmeGroupMe
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-42343
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 74.11%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 10:00
Updated-23 Apr, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read

Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowscampaignlinux_kernelAdobe Campaign Classic (ACC)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-41552
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 61.18%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 02:10
Updated-01 May, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer

Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.

Action-Not Available
Vendor-Linux Kernel Organization, IncHitachi, Ltd.Microsoft Corporation
Product-linux_kernelops_center_viewpointops_center_analyzerwindowsinfrastructure_analytics_advisorHitachi Ops Center AnalyzerHitachi Infrastructure Analytics Advisor
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-31950
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.6||HIGH
EPSS-1.68% / 82.27%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found