Export limit exceeded: 19711 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363403 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2805 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11148 1 Synology 1 Chat 2025-04-20 N/A
Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.
CVE-2017-11149 1 Synology 1 Download Station 2025-04-20 N/A
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.
CVE-2017-17697 1 Linuxfoundation 1 Harbor 2025-04-20 8.6 High
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.
CVE-2017-12905 1 Vebto 1 Pixie - Image Editor 2025-04-20 10.0 Critical
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
CVE-2017-11291 1 Adobe 1 Connect 2025-04-20 N/A
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
CVE-2017-6130 1 F5 2 Ssl Intercept Iapp, Ssl Orchestrator 2025-04-20 N/A
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.
CVE-2017-4928 1 Vmware 1 Vcenter Server 2025-04-20 N/A
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.
CVE-2017-0889 1 Thoughtbot 1 Paperclip 2025-04-20 N/A
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
CVE-2017-5617 2 Debian, Kitfox 2 Debian Linux, Svg Salamander 2025-04-20 7.4 High
The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.
CVE-2017-9355 1 Subsonic 1 Subsonic 2025-04-20 N/A
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
CVE-2017-6036 1 Belden Hirschmann 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware 2025-04-20 N/A
A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination.
CVE-2016-7051 1 Fasterxml 1 Jackson-dataformat-xml 2025-04-20 8.6 High
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
CVE-2017-9066 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
CVE-2017-7566 1 Mybb 1 Mybb 2025-04-20 N/A
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
CVE-2017-16678 1 Sap 4 Epbc, Epbc2, Kmc-bc and 1 more 2025-04-20 N/A
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.
CVE-2017-3546 1 Oracle 1 Peoplesoft Enterprise Peopletools 2025-04-20 N/A
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2017-10973 1 Finecms Project 1 Finecms 2025-04-20 N/A
In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
CVE-2017-1000017 1 Phpmyadmin 1 Phpmyadmin 2025-04-20 N/A
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server
CVE-2016-9417 1 Mybb 2 Merge System, Mybb 2025-04-20 N/A
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
CVE-2017-16870 1 Updraftplus 1 Updraftplus 2025-04-20 N/A
The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary