Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-47358

Summary
Assigner-tenable
Assigner Org ID-5ac1ecc2-367a-4d16-a0b2-35d495ddd0be
Published At-19 May, 2026 | 15:53
Updated At-19 May, 2026 | 17:08
Rejected At-
Credits

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates via hashicorp/go-getter with all default detectors enabled, including FileDetector. An unauthenticated remote attacker can upload an ARM template containing a templateLink.uri or parametersLink.uri field, or a CloudFormation template containing an AWS::CloudFormation::Stack TemplateURL field, pointing to an attacker-controlled URL. Terrascan will fetch the attacker-controlled URL server-side. Unlike SSRF via the remote scan endpoint, file:// URLs are directly usable without requiring an X-Terraform-Get redirect, enabling local file read. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:tenable
Assigner Org ID:5ac1ecc2-367a-4d16-a0b2-35d495ddd0be
Published At:19 May, 2026 | 15:53
Updated At:19 May, 2026 | 17:08
Rejected At:
â–¼CVE Numbering Authority (CNA)

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates via hashicorp/go-getter with all default detectors enabled, including FileDetector. An unauthenticated remote attacker can upload an ARM template containing a templateLink.uri or parametersLink.uri field, or a CloudFormation template containing an AWS::CloudFormation::Stack TemplateURL field, pointing to an attacker-controlled URL. Terrascan will fetch the attacker-controlled URL server-side. Unlike SSRF via the remote scan endpoint, file:// URLs are directly usable without requiring an X-Terraform-Get redirect, enabling local file read. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.

Affected Products
Vendor
Tenable, Inc.tenable
Product
Terrascan
Default Status
affected
Versions
Affected
  • From 0 through 1.18.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-918Server-Side Request Forgery (SSRF)
CWECWE-610Externally Controlled Reference to a Resource in Another Sphere
CWECWE-73External Control of File Name or Path
Type: CWE
CWE ID: CWE-918
Description: Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-610
Description: Externally Controlled Reference to a Resource in Another Sphere
Type: CWE
CWE ID: CWE-73
Description: External Control of File Name or Path
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Tristan Madani (@TristanInSec) from Talence Security
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/tenable/terrascan
N/A
Hyperlink: https://github.com/tenable/terrascan
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vulnreport@tenable.com
Published At:19 May, 2026 | 17:16
Updated At:20 May, 2026 | 14:18

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates via hashicorp/go-getter with all default detectors enabled, including FileDetector. An unauthenticated remote attacker can upload an ARM template containing a templateLink.uri or parametersLink.uri field, or a CloudFormation template containing an AWS::CloudFormation::Stack TemplateURL field, pointing to an attacker-controlled URL. Terrascan will fetch the attacker-controlled URL server-side. Unlike SSRF via the remote scan endpoint, file:// URLs are directly usable without requiring an X-Terraform-Get redirect, enabling local file read. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.2CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 9.2
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CPE Matches

Tenable, Inc.
tenable
>>terrascan>>Versions up to 1.18.3(inclusive)
cpe:2.3:a:tenable:terrascan:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-73Secondaryvulnreport@tenable.com
CWE-610Secondaryvulnreport@tenable.com
CWE-918Secondaryvulnreport@tenable.com
CWE-918Primarynvd@nist.gov
CWE ID: CWE-73
Type: Secondary
Source: vulnreport@tenable.com
CWE ID: CWE-610
Type: Secondary
Source: vulnreport@tenable.com
CWE ID: CWE-918
Type: Secondary
Source: vulnreport@tenable.com
CWE ID: CWE-918
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/tenable/terrascanvulnreport@tenable.com
Product
Hyperlink: https://github.com/tenable/terrascan
Source: vulnreport@tenable.com
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

340Records found

CVE-2026-47356
Matching Score-10
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-10
Assigner-Tenable Network Security, Inc.
CVSS Score-8.7||HIGH
EPSS-0.50% / 39.10%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 15:53
Updated-19 May, 2026 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook_url multipart form parameter. After scanning the uploaded file, Terrascan sends an HTTP POST request to the attacker-controlled URL containing the full scan results as a JSON body, with the attacker-supplied webhook_token forwarded as a Bearer token in the Authorization header. The retryable HTTP client retries up to 10 times on failure. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.

Action-Not Available
Vendor-Tenable, Inc.
Product-Terrascan
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-47357
Matching Score-10
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-10
Assigner-Tenable Network Security, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.48% / 38.09%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 15:53
Updated-19 May, 2026 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL as remote_url with remote_type set to "http". The URL is passed directly to hashicorp/go-getter (v1.7.5) without validation. Go-getter's HttpGetter supports the X-Terraform-Get response header, allowing the attacker's server to redirect the download to a file:// URL, enabling local file read. Additionally, HttpGetter has Netrc set to true, causing it to read ~/.netrc and send stored credentials to attacker-controlled hostnames. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.

Action-Not Available
Vendor-Tenable, Inc.
Product-Terrascan
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-11044
Matching Score-8
Assigner-PHP Group
ShareView Details
Matching Score-8
Assigner-PHP Group
CVSS Score-3.7||LOW
EPSS-5.12% / 91.36%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 02:40
Updated-17 Sep, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
link() silently truncates after a null byte on Windows

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

Action-Not Available
Vendor-The PHP GroupFedora ProjectTenable, Inc.
Product-phpsecuritycenterfedoraPHP
CWE ID-CWE-170
Improper Null Termination
CVE-2026-13007
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-8.5||HIGH
EPSS-0.43% / 34.70%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 15:59
Updated-25 Jun, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure

Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied.

Action-Not Available
Vendor-Tenable, Inc.
Product-Tenable Identity Exposure
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-524
Use of Cache Containing Sensitive Information
CVE-2020-7067
Matching Score-8
Assigner-PHP Group
ShareView Details
Matching Score-8
Assigner-PHP Group
CVSS Score-7.5||HIGH
EPSS-4.31% / 89.97%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 20:38
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OOB Read in urldecode()

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxTenable, Inc.The PHP Group
Product-communications_diameter_signaling_routerphpdebian_linuxtenable.scPHP
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-196
Unsigned to Signed Conversion Error
CVE-2020-5808
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.60%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 17:45
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.

Action-Not Available
Vendor-n/aTenable, Inc.
Product-tenable.scTenable.sc
CVE-2021-40438
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9||CRITICAL
EPSS-100.00% / 100.00%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-27 Oct, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-12-15||Apply updates per vendor instructions.
mod_proxy SSRF

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action-Not Available
Vendor-resfF5, Inc.NetApp, Inc.Tenable, Inc.Oracle CorporationRed Hat, Inc.Siemens AGThe Apache Software FoundationBroadcom Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_for_ibm_z_systemsenterprise_linux_server_update_services_for_sap_solutionsjboss_core_servicesinstantis_enterprisetrackenterprise_linux_serversinema_serversinema_remote_connect_serversinec_nmstenable.sccloud_backupzfs_storage_appliance_kitsecure_global_desktopruggedcom_nmssoftware_collectionsdebian_linuxenterprise_linux_update_services_for_sap_solutionsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_big_endianenterprise_linux_for_arm_64clustered_data_ontapenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsf5osenterprise_linuxenterprise_linux_eusenterprise_linux_for_ibm_z_systems_eus_s390xenterprise_linux_for_power_little_endianbrocade_fabric_operating_system_firmwareenterprise_manager_ops_centerenterprise_linux_for_arm_64_eushttp_serverrocky_linuxenterprise_linux_server_workstationenterprise_linux_server_ausenterprise_linux_server_tusfedoraenterprise_linux_for_scientific_computingenterprise_linux_workstationstoragegridApache HTTP ServerApache
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-24495
Matching Score-6
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-6
Assigner-Tenable Network Security, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.89% / 55.03%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 00:00
Updated-27 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.

Action-Not Available
Vendor-n/aTenable, Inc.
Product-tenable.scTenable.sc
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-25760
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 27.58%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 00:00
Updated-09 Apr, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request.

Action-Not Available
Vendor-sucms_projectn/a
Product-sucmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-26487
Matching Score-4
Assigner-EU Agency for Cybersecurity (ENISA)
ShareView Details
Matching Score-4
Assigner-EU Agency for Cybersecurity (ENISA)
CVSS Score-8.6||HIGH
EPSS-0.30% / 21.52%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 08:44
Updated-22 Dec, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Side Request Forgery (SSRF) in the web server of Infinera MTC-9

Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge.

Action-Not Available
Vendor-InfineraNokia Corporation
Product-infinera_mtc-9_firmwareinfinera_mtc-9MTC-9
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-68616
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.19%
||
7 Day CHG+0.05%
Published-19 Jan, 2026 | 15:20
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

Action-Not Available
Vendor-kozeaKozeaRed Hat, Inc.
Product-weasyprintWeasyPrintRed Hat Ansible Automation Platform 2
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-25235
Matching Score-4
Assigner-Omnissa, LLC
ShareView Details
Matching Score-4
Assigner-Omnissa, LLC
CVSS Score-8.6||HIGH
EPSS-0.28% / 19.37%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 21:47
Updated-12 Aug, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.

Action-Not Available
Vendor-Omnissa
Product-Secure Email Gateway
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-35667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.34% / 67.86%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:51
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-24485
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.8||MEDIUM
EPSS-5.30% / 91.59%
||
7 Day CHG+0.30%
Published-28 Jul, 2025 | 13:36
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-7412
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-8.6||HIGH
EPSS-0.52% / 40.10%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 14:15
Updated-06 May, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS).

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-Eclipse BaSyx
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-26815
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.6||HIGH
EPSS-1.40% / 69.11%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 16:13
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability.

Action-Not Available
Vendor-SAP SE
Product-fiori_launchpad_\(news_tile_application\)SAP Fiori Launchpad (News Tile Application)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-41704
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.14% / 79.82%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 00:00
Updated-25 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-batikdebian_linuxApache XML Graphics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-59049
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.66% / 73.80%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 18:49
Updated-11 Sep, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mockoon has a Path Traversal and LFI in the static file serving endpoint

Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the documentation page, where the server filename is generated via templating features from user input is vulnerable to Path Traversal and LFI, allowing an attacker to get any file in the mock server filesystem. The issue may be particularly relevant in cloud hosted server instances. Version 9.2.0 fixes the issue.

Action-Not Available
Vendor-mockoon
Product-mockoon
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-24
Path Traversal: '../filedir'
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-6514
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.72%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 08:24
Updated-14 May, 2026 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popup_submit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-Infused Addons
Product-InfusedWoo Pro
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-5773
Matching Score-4
Assigner-curl
ShareView Details
Matching Score-4
Assigner-curl
CVSS Score-7.5||HIGH
EPSS-0.55% / 41.90%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 08:27
Updated-13 May, 2026 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wrong reuse of SMB connection

libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.

Action-Not Available
Vendor-CURL
Product-curlcurl
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-56266
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.2||CRITICAL
EPSS-0.28% / 19.41%
||
7 Day CHG-0.02%
Published-22 Jun, 2026 | 21:04
Updated-30 Jun, 2026 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crawl4AI - Server-Side Request Forgery via Direct Crawl Endpoints

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reach internal services and cloud metadata endpoints.

Action-Not Available
Vendor-kidocodeCrawl4AI
Product-crawl4aiCrawl4AI
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-42733
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.56%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool.

Action-Not Available
Vendor-Siemens AG
Product-syngo_dynamics_cardiovascular_imaging_and_information_systemsyngo Dynamics
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2026-56285
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.7||HIGH
EPSS-0.36% / 28.02%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 17:13
Updated-29 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nitter - Server-Side Request Forgery in /video Media Proxy Endpoint

Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including cloud metadata services and internal network resources.

Action-Not Available
Vendor-zedeus
Product-nitter
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-41412
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-4.09% / 89.49%
||
7 Day CHG~0.00%
Published-30 Nov, 2022 | 00:00
Updated-24 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.

Action-Not Available
Vendor-perfsonarn/a
Product-perfsonarn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-42281
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.2||CRITICAL
EPSS-1.62% / 73.20%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 15:46
Updated-21 May, 2026 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MagicMirror²: Unauthenticated SSRF via /cors endpoint

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment variable placeholders (**VAR_NAME**), enabling exfiltration of server-side secrets. This vulnerability is fixed in 2.36.0.

Action-Not Available
Vendor-magicmirrorMagicMirrorOrg
Product-magicmirrorMagicMirror
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-11451
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.74%
||
7 Day CHG+0.01%
Published-11 Nov, 2025 | 03:30
Updated-08 Apr, 2026 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aal_ajax_unit_loading' RST API endpoint. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Action-Not Available
Vendor-miunosoft
Product-Auto Amazon Links – Amazon Associates Affiliate Plugin
CWE ID-CWE-73
External Control of File Name or Path
CVE-2022-38211
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-7.5||HIGH
EPSS-0.88% / 54.60%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 05:13
Updated-10 Apr, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only)

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisArcGIS Enterprise
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-38203
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.11%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 05:13
Updated-10 Apr, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only)

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisPortal for ArcGIS
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-38212
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.11%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 05:13
Updated-10 Apr, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisArcGIS Enterprise
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-8952
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-0.67% / 47.52%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 10:10
Updated-01 Apr, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF in composiohq/composio

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system.

Action-Not Available
Vendor-composiocomposiohq
Product-composiocomposiohq/composio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-25580
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.58% / 43.42%
||
7 Day CHG+0.11%
Published-06 Feb, 2026 | 21:01
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pydantic AI Affected by Server-Side Request Forgery (SSRF) in URL Download Handling

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery (SSRF) vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially accessing internal services or cloud credentials. This vulnerability only affects applications that accept message history from external users. This vulnerability is fixed in 1.56.0.

Action-Not Available
Vendor-pydanticpydanticRed Hat, Inc.
Product-pydantic_aipydantic-aiRed Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-30404
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 16.52%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 00:00
Updated-02 Apr, 2026 | 12:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations.

Action-Not Available
Vendor-wgstartn/a
Product-wgcloudn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-30858
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 27.55%
||
7 Day CHG~0.00%
Published-07 Mar, 2026 | 16:34
Updated-09 Mar, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that resolves to a public IP during validation and subsequently resolves to a private IP during execution, an attacker can access sensitive local services and potentially exfiltrate data. This issue has been patched in version 0.3.0.

Action-Not Available
Vendor-tencentTencent
Product-weknoraWeKnora
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-52196
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 21.71%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 00:00
Updated-02 Jan, 2026 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe.

Action-Not Available
Vendor-cteran/a
Product-cteran/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-5885
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.6||HIGH
EPSS-0.55% / 42.16%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 18:45
Updated-20 Aug, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in stangirard/quivr

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.

Action-Not Available
Vendor-quivrstangirardstangirard
Product-quivrstangirard/quivrquivr
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-5736
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-8.2||HIGH
EPSS-1.23% / 65.21%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 11:26
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF in AdmirorFrames Joomla! Extension

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.

Action-Not Available
Vendor-admiror-design-studioNikola Vasilijevski
Product-admirorframesAdmirorFrames
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-57767
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-0.42% / 34.03%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 00:00
Updated-10 Apr, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.

Action-Not Available
Vendor-wangl1989n/a
Product-mysiteformen/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-55082
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.73%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-31196
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.6||HIGH
EPSS-0.81% / 52.60%
||
7 Day CHG+0.03%
Published-02 Sep, 2022 | 19:45
Updated-22 Apr, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) vulnerability in Databasir

Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7.

Action-Not Available
Vendor-databasirvran-dev
Product-databasirdatabasir
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-29847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-55.86% / 98.92%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:56
Updated-27 Aug, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.

Action-Not Available
Vendor-n/aProgress Software Corporation
Product-whatsup_goldn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-30049
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.42%
||
7 Day CHG~0.00%
Published-15 May, 2022 | 16:17
Updated-03 Aug, 2024 | 06:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter.

Action-Not Available
Vendor-ruifang-techn/a
Product-rebuildn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-54000
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.65%
||
7 Day CHG+0.01%
Published-03 Dec, 2024 | 15:33
Updated-27 Jun, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mobile Security Framework (MobSF) bypass of SSRF fix

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side request forgery when a request to .well-known/assetlinks.json" returns a 302 redirect. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7.

Action-Not Available
Vendor-Mobile Security Framework (MobSF)
Product-mobile_security_frameworkMobile-Security-Framework-MobSFmobile_security_framework
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-28997
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.94% / 77.71%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 13:35
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.

Action-Not Available
Vendor-cszcmsn/a
Product-cszcmsn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-51961
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-4
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.82%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 19:58
Updated-10 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local file inclusion (LFI) vulnerability in ArcGIS Server

There is a local file inclusion vulnerability in ArcGIS Server 11.3 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server.  Due to the nature of the files accessible in this vulnerability the impact to confidentiality is High there is no impact to both integrity or availability.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-arcgis_serverArcGIS Server
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CWE ID-CWE-73
External Control of File Name or Path
CVE-2022-29309
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.86% / 54.20%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 02:17
Updated-22 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.

Action-Not Available
Vendor-wangl1989n/a
Product-mysiteformen/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-52598
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.58% / 43.46%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 14:09
Updated-04 Aug, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview

2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the image of a 2fa site. By abusing this functionality, it is possible to force the application to make a GET request to an arbitrary URL, whose content will be stored in an image file in the server if it looks like an image. Additionally, the library does some basic validation on the URI, attempting to filter our URIs which do not have an image extension. However, this can be easily bypassed by appending the string `#.svg` to the URI. The combination of these two issues allows an attacker to retrieve URIs accessible from the application, as long as their content type is text based. If not, the request is still sent, but the response is not reflected to the attacker. Version 5.4.1 fixes the issues.

Action-Not Available
Vendor-2fauthBubkabubka
Product-2fauth2FAuth2fauth
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-50714
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 43.04%
||
7 Day CHG+0.01%
Published-27 Dec, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via a crafted script to the /FB/getFbVideoSource.php component.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-25850
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-1.31% / 67.20%
||
7 Day CHG~0.00%
Published-01 May, 2022 | 15:20
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-side Request Forgery (SSRF)

The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.

Action-Not Available
Vendor-proxyscotch_projectn/a
Product-proxyscotchgithub.com/hoppscotch/proxyscotch
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-48360
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.91% / 89.01%
||
7 Day CHG~0.00%
Published-31 Oct, 2024 | 00:00
Updated-01 Jul, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php.

Action-Not Available
Vendor-qualitorn/aqualitor
Product-qualitorn/aqualitor
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-49312
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.22% / 13.15%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:10
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Edwiser Bridge plugin <= 3.0.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge.This issue affects Edwiser Bridge: from n/a through <= 3.0.7.

Action-Not Available
Vendor-edwiserWisdmLabs
Product-bridgeEdwiser Bridge
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found