Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-47357

Summary
Assigner-tenable
Assigner Org ID-5ac1ecc2-367a-4d16-a0b2-35d495ddd0be
Published At-19 May, 2026 | 15:53
Updated At-19 May, 2026 | 17:09
Rejected At-
Credits

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL as remote_url with remote_type set to "http". The URL is passed directly to hashicorp/go-getter (v1.7.5) without validation. Go-getter's HttpGetter supports the X-Terraform-Get response header, allowing the attacker's server to redirect the download to a file:// URL, enabling local file read. Additionally, HttpGetter has Netrc set to true, causing it to read ~/.netrc and send stored credentials to attacker-controlled hostnames. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:tenable
Assigner Org ID:5ac1ecc2-367a-4d16-a0b2-35d495ddd0be
Published At:19 May, 2026 | 15:53
Updated At:19 May, 2026 | 17:09
Rejected At:
â–¼CVE Numbering Authority (CNA)

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL as remote_url with remote_type set to "http". The URL is passed directly to hashicorp/go-getter (v1.7.5) without validation. Go-getter's HttpGetter supports the X-Terraform-Get response header, allowing the attacker's server to redirect the download to a file:// URL, enabling local file read. Additionally, HttpGetter has Netrc set to true, causing it to read ~/.netrc and send stored credentials to attacker-controlled hostnames. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.

Affected Products
Vendor
Tenable, Inc.tenable
Product
Terrascan
Default Status
affected
Versions
Affected
  • From 0 through 1.18.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-918Server-Side Request Forgery (SSRF)
CWECWE-610Externally Controlled Reference to a Resource in Another Sphere
CWECWE-73External Control of File Name or Path
Type: CWE
CWE ID: CWE-918
Description: Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-610
Description: Externally Controlled Reference to a Resource in Another Sphere
Type: CWE
CWE ID: CWE-73
Description: External Control of File Name or Path
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Tristan Madani (@TristanInSec) from Talence Security
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/tenable/terrascan
N/A
Hyperlink: https://github.com/tenable/terrascan
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vulnreport@tenable.com
Published At:19 May, 2026 | 17:16
Updated At:19 May, 2026 | 17:59

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL as remote_url with remote_type set to "http". The URL is passed directly to hashicorp/go-getter (v1.7.5) without validation. Go-getter's HttpGetter supports the X-Terraform-Get response header, allowing the attacker's server to redirect the download to a file:// URL, enabling local file read. Additionally, HttpGetter has Netrc set to true, causing it to read ~/.netrc and send stored credentials to attacker-controlled hostnames. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.2CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 9.2
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-73Secondaryvulnreport@tenable.com
CWE-610Secondaryvulnreport@tenable.com
CWE-918Secondaryvulnreport@tenable.com
CWE ID: CWE-73
Type: Secondary
Source: vulnreport@tenable.com
CWE ID: CWE-610
Type: Secondary
Source: vulnreport@tenable.com
CWE ID: CWE-918
Type: Secondary
Source: vulnreport@tenable.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/tenable/terrascanvulnreport@tenable.com
N/A
Hyperlink: https://github.com/tenable/terrascan
Source: vulnreport@tenable.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

274Records found

CVE-2026-47356
Matching Score-10
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-10
Assigner-Tenable Network Security, Inc.
CVSS Score-8.7||HIGH
EPSS-0.50% / 39.10%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 15:53
Updated-19 May, 2026 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook_url multipart form parameter. After scanning the uploaded file, Terrascan sends an HTTP POST request to the attacker-controlled URL containing the full scan results as a JSON body, with the attacker-supplied webhook_token forwarded as a Bearer token in the Authorization header. The retryable HTTP client retries up to 10 times on failure. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.

Action-Not Available
Vendor-Tenable, Inc.
Product-Terrascan
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-47358
Matching Score-10
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-10
Assigner-Tenable Network Security, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.48% / 37.92%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 15:53
Updated-20 May, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates via hashicorp/go-getter with all default detectors enabled, including FileDetector. An unauthenticated remote attacker can upload an ARM template containing a templateLink.uri or parametersLink.uri field, or a CloudFormation template containing an AWS::CloudFormation::Stack TemplateURL field, pointing to an attacker-controlled URL. Terrascan will fetch the attacker-controlled URL server-side. Unlike SSRF via the remote scan endpoint, file:// URLs are directly usable without requiring an X-Terraform-Get redirect, enabling local file read. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.

Action-Not Available
Vendor-Tenable, Inc.
Product-terrascanTerrascan
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-11044
Matching Score-8
Assigner-PHP Group
ShareView Details
Matching Score-8
Assigner-PHP Group
CVSS Score-3.7||LOW
EPSS-5.12% / 91.36%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 02:40
Updated-17 Sep, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
link() silently truncates after a null byte on Windows

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

Action-Not Available
Vendor-The PHP GroupFedora ProjectTenable, Inc.
Product-phpsecuritycenterfedoraPHP
CWE ID-CWE-170
Improper Null Termination
CVE-2026-13007
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-8.5||HIGH
EPSS-0.43% / 34.70%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 15:59
Updated-25 Jun, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure

Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied.

Action-Not Available
Vendor-Tenable, Inc.
Product-Tenable Identity Exposure
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-524
Use of Cache Containing Sensitive Information
CVE-2020-7067
Matching Score-8
Assigner-PHP Group
ShareView Details
Matching Score-8
Assigner-PHP Group
CVSS Score-7.5||HIGH
EPSS-4.31% / 89.97%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 20:38
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OOB Read in urldecode()

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxTenable, Inc.The PHP Group
Product-communications_diameter_signaling_routerphpdebian_linuxtenable.scPHP
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-196
Unsigned to Signed Conversion Error
CVE-2020-5808
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.60%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 17:45
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.

Action-Not Available
Vendor-n/aTenable, Inc.
Product-tenable.scTenable.sc
CVE-2021-40438
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9||CRITICAL
EPSS-100.00% / 100.00%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-27 Oct, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-12-15||Apply updates per vendor instructions.
mod_proxy SSRF

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action-Not Available
Vendor-resfF5, Inc.NetApp, Inc.Tenable, Inc.Oracle CorporationRed Hat, Inc.Siemens AGThe Apache Software FoundationBroadcom Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_for_ibm_z_systemsenterprise_linux_server_update_services_for_sap_solutionsjboss_core_servicesinstantis_enterprisetrackenterprise_linux_serversinema_serversinema_remote_connect_serversinec_nmstenable.sccloud_backupzfs_storage_appliance_kitsecure_global_desktopruggedcom_nmssoftware_collectionsdebian_linuxenterprise_linux_update_services_for_sap_solutionsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_big_endianenterprise_linux_for_arm_64clustered_data_ontapenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsf5osenterprise_linuxenterprise_linux_eusenterprise_linux_for_ibm_z_systems_eus_s390xenterprise_linux_for_power_little_endianbrocade_fabric_operating_system_firmwareenterprise_manager_ops_centerenterprise_linux_for_arm_64_eushttp_serverrocky_linuxenterprise_linux_server_workstationenterprise_linux_server_ausenterprise_linux_server_tusfedoraenterprise_linux_for_scientific_computingenterprise_linux_workstationstoragegridApache HTTP ServerApache
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-24495
Matching Score-6
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-6
Assigner-Tenable Network Security, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.89% / 55.03%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 00:00
Updated-27 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.

Action-Not Available
Vendor-n/aTenable, Inc.
Product-tenable.scTenable.sc
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-25760
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 27.58%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 00:00
Updated-09 Apr, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request.

Action-Not Available
Vendor-sucms_projectn/a
Product-sucmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-68616
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.19%
||
7 Day CHG+0.05%
Published-19 Jan, 2026 | 15:20
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

Action-Not Available
Vendor-kozeaKozeaRed Hat, Inc.
Product-weasyprintWeasyPrintRed Hat Ansible Automation Platform 2
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-35667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.34% / 67.86%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:51
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-24485
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.8||MEDIUM
EPSS-5.30% / 91.59%
||
7 Day CHG+0.30%
Published-28 Jul, 2025 | 13:36
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-41704
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.14% / 79.82%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 00:00
Updated-25 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-batikdebian_linuxApache XML Graphics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-59049
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.66% / 73.80%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 18:49
Updated-11 Sep, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mockoon has a Path Traversal and LFI in the static file serving endpoint

Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the documentation page, where the server filename is generated via templating features from user input is vulnerable to Path Traversal and LFI, allowing an attacker to get any file in the mock server filesystem. The issue may be particularly relevant in cloud hosted server instances. Version 9.2.0 fixes the issue.

Action-Not Available
Vendor-mockoon
Product-mockoon
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-24
Path Traversal: '../filedir'
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-6514
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.72%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 08:24
Updated-14 May, 2026 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popup_submit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-Infused Addons
Product-InfusedWoo Pro
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-5773
Matching Score-4
Assigner-curl
ShareView Details
Matching Score-4
Assigner-curl
CVSS Score-7.5||HIGH
EPSS-0.55% / 41.90%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 08:27
Updated-13 May, 2026 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wrong reuse of SMB connection

libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.

Action-Not Available
Vendor-CURL
Product-curlcurl
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-56266
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.2||CRITICAL
EPSS-0.28% / 19.41%
||
7 Day CHG-0.02%
Published-22 Jun, 2026 | 21:04
Updated-30 Jun, 2026 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crawl4AI - Server-Side Request Forgery via Direct Crawl Endpoints

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reach internal services and cloud metadata endpoints.

Action-Not Available
Vendor-kidocodeCrawl4AI
Product-crawl4aiCrawl4AI
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-42733
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.56%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool.

Action-Not Available
Vendor-Siemens AG
Product-syngo_dynamics_cardiovascular_imaging_and_information_systemsyngo Dynamics
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2026-42281
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.2||CRITICAL
EPSS-1.62% / 73.20%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 15:46
Updated-21 May, 2026 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MagicMirror²: Unauthenticated SSRF via /cors endpoint

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment variable placeholders (**VAR_NAME**), enabling exfiltration of server-side secrets. This vulnerability is fixed in 2.36.0.

Action-Not Available
Vendor-magicmirrorMagicMirrorOrg
Product-magicmirrorMagicMirror
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-11451
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.74%
||
7 Day CHG+0.01%
Published-11 Nov, 2025 | 03:30
Updated-08 Apr, 2026 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aal_ajax_unit_loading' RST API endpoint. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Action-Not Available
Vendor-miunosoft
Product-Auto Amazon Links – Amazon Associates Affiliate Plugin
CWE ID-CWE-73
External Control of File Name or Path
CVE-2022-38211
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-7.5||HIGH
EPSS-0.88% / 54.60%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 05:13
Updated-10 Apr, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only)

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisArcGIS Enterprise
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-38203
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.11%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 05:13
Updated-10 Apr, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only)

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisPortal for ArcGIS
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-38212
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.11%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 05:13
Updated-10 Apr, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisArcGIS Enterprise
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-8952
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-0.67% / 47.52%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 10:10
Updated-01 Apr, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF in composiohq/composio

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system.

Action-Not Available
Vendor-composiocomposiohq
Product-composiocomposiohq/composio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-30404
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 16.52%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 00:00
Updated-02 Apr, 2026 | 12:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations.

Action-Not Available
Vendor-wgstartn/a
Product-wgcloudn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-30858
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 27.55%
||
7 Day CHG~0.00%
Published-07 Mar, 2026 | 16:34
Updated-09 Mar, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that resolves to a public IP during validation and subsequently resolves to a private IP during execution, an attacker can access sensitive local services and potentially exfiltrate data. This issue has been patched in version 0.3.0.

Action-Not Available
Vendor-tencentTencent
Product-weknoraWeKnora
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-52196
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 21.71%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 00:00
Updated-02 Jan, 2026 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe.

Action-Not Available
Vendor-cteran/a
Product-cteran/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-5736
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-8.2||HIGH
EPSS-1.23% / 65.21%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 11:26
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF in AdmirorFrames Joomla! Extension

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.

Action-Not Available
Vendor-admiror-design-studioNikola Vasilijevski
Product-admirorframesAdmirorFrames
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-55082
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.73%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-31196
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.6||HIGH
EPSS-0.81% / 52.60%
||
7 Day CHG+0.03%
Published-02 Sep, 2022 | 19:45
Updated-22 Apr, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) vulnerability in Databasir

Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7.

Action-Not Available
Vendor-databasirvran-dev
Product-databasirdatabasir
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-29847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-55.86% / 98.92%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:56
Updated-27 Aug, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.

Action-Not Available
Vendor-n/aProgress Software Corporation
Product-whatsup_goldn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-30049
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.42%
||
7 Day CHG~0.00%
Published-15 May, 2022 | 16:17
Updated-03 Aug, 2024 | 06:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter.

Action-Not Available
Vendor-ruifang-techn/a
Product-rebuildn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-54000
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.65%
||
7 Day CHG+0.01%
Published-03 Dec, 2024 | 15:33
Updated-27 Jun, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mobile Security Framework (MobSF) bypass of SSRF fix

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side request forgery when a request to .well-known/assetlinks.json" returns a 302 redirect. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7.

Action-Not Available
Vendor-Mobile Security Framework (MobSF)
Product-mobile_security_frameworkMobile-Security-Framework-MobSFmobile_security_framework
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-28997
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.94% / 77.71%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 13:35
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.

Action-Not Available
Vendor-cszcmsn/a
Product-cszcmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-51961
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.82%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 19:58
Updated-10 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local file inclusion (LFI) vulnerability in ArcGIS Server

There is a local file inclusion vulnerability in ArcGIS Server 11.3 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server.  Due to the nature of the files accessible in this vulnerability the impact to confidentiality is High there is no impact to both integrity or availability.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-arcgis_serverArcGIS Server
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CWE ID-CWE-73
External Control of File Name or Path
CVE-2022-29309
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.86% / 54.20%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 02:17
Updated-22 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.

Action-Not Available
Vendor-wangl1989n/a
Product-mysiteformen/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-52598
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.58% / 43.46%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 14:09
Updated-04 Aug, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview

2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the image of a 2fa site. By abusing this functionality, it is possible to force the application to make a GET request to an arbitrary URL, whose content will be stored in an image file in the server if it looks like an image. Additionally, the library does some basic validation on the URI, attempting to filter our URIs which do not have an image extension. However, this can be easily bypassed by appending the string `#.svg` to the URI. The combination of these two issues allows an attacker to retrieve URIs accessible from the application, as long as their content type is text based. If not, the request is still sent, but the response is not reflected to the attacker. Version 5.4.1 fixes the issues.

Action-Not Available
Vendor-2fauthBubkabubka
Product-2fauth2FAuth2fauth
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-50714
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 43.04%
||
7 Day CHG+0.01%
Published-27 Dec, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via a crafted script to the /FB/getFbVideoSource.php component.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-25850
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-1.31% / 67.20%
||
7 Day CHG~0.00%
Published-01 May, 2022 | 15:20
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-side Request Forgery (SSRF)

The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.

Action-Not Available
Vendor-proxyscotch_projectn/a
Product-proxyscotchgithub.com/hoppscotch/proxyscotch
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-48360
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.91% / 89.01%
||
7 Day CHG~0.00%
Published-31 Oct, 2024 | 00:00
Updated-01 Jul, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php.

Action-Not Available
Vendor-qualitorn/aqualitor
Product-qualitorn/aqualitor
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-48907
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 27.95%
||
7 Day CHG~0.00%
Published-01 May, 2025 | 00:00
Updated-04 Jun, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.

Action-Not Available
Vendor-sematelln/a
Product-replyonen/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-47008
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-7.5||HIGH
EPSS-46.59% / 98.68%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 16:28
Updated-16 Oct, 2024 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-24856
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-9.66% / 94.91%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 15:25
Updated-23 Apr, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery in FlyteConsole

FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround.

Action-Not Available
Vendor-flyteflyteorg
Product-flyte_consoleflyteconsole
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-25026
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-24.35% / 97.60%
||
7 Day CHG+0.18%
Published-12 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy.

Action-Not Available
Vendor-rocketsoftwaren/a
Product-trufusion_enterprisen/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-24980
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.18% / 63.98%
||
7 Day CHG~0.00%
Published-19 Feb, 2022 | 03:48
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to view the content of any file or webpage the webserver has access to.

Action-Not Available
Vendor-kitodon/a
Product-kitodo.presentationn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-45317
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 43.14%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 08:30
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address.

Action-Not Available
Vendor-SonicWall Inc.
Product-SMA1000
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-24241
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 61.85%
||
7 Day CHG~0.00%
Published-27 May, 2022 | 18:29
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.

Action-Not Available
Vendor-acewaren/a
Product-aceweb_online_portaln/a
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2024-46468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 32.19%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-27 May, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure.

Action-Not Available
Vendor-jpressn/ajpress
Product-jpressn/ajpress
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-23206
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.98% / 78.09%
||
7 Day CHG+0.03%
Published-06 Feb, 2022 | 15:15
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth

In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.

Action-Not Available
Vendor-The Apache Software Foundation
Product-traffic_controlApache Traffic Control
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-71324
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.35% / 26.62%
||
7 Day CHG+0.01%
Published-25 Jun, 2026 | 21:41
Updated-30 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flowise - Arbitrary File Read via chatId Parameter

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile(), where a fallback file-lookup path constructed without the orgId is evaluated after the storage-directory containment check, allowing path traversal beyond the intended storage directory. Unauthenticated attackers can read sensitive files such as /root/.flowise/database.sqlite, exposing all database content in the default configuration.

Action-Not Available
Vendor-flowiseaiFlowise
Product-flowiseFlowise
CWE ID-CWE-73
External Control of File Name or Path
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found