Total
1835 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4967 | 1 Esri | 1 Portal For Arcgis | 2025-07-30 | 9.1 Critical |
| Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections. | ||||
| CVE-2025-2243 | 1 Bitdefender | 1 Gravityzone | 2025-07-30 | 7.3 High |
| A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1. | ||||
| CVE-2024-10044 | 1 Lm-sys | 1 Fastchat | 2025-07-29 | N/A |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint. | ||||
| CVE-2024-2206 | 1 Gradio Project | 1 Gradio | 2025-07-29 | 6.5 Medium |
| An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header in requests to the `/` and `/config` routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the `build_proxy_request` function. | ||||
| CVE-2024-11603 | 1 Lm-sys | 1 Fastchat | 2025-07-29 | N/A |
| A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the `/queue/join?` endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal networks or the AWS metadata endpoint, potentially exposing sensitive data and compromising internal servers. | ||||
| CVE-2024-2049 | 1 Citrix | 26 Citrix Sd Wan Premium Edition, Citrix Sd Wan Standard Edition, Sd-wan 1000 and 23 more | 2025-07-25 | 6.5 Medium |
| Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP. | ||||
| CVE-2025-8020 | 2025-07-25 | 8.2 High | ||
| All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the package's source code. | ||||
| CVE-2025-5818 | 2 Krasenslavov, Wordpress | 2 Featured Image Plus, Wordpress | 2025-07-25 | 5.5 Medium |
| The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.4 via the fip_get_image_options() function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-20288 | 1 Cisco | 2 Unified Contact Center Express, Unified Intelligence Center | 2025-07-22 | 5.8 Medium |
| A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. | ||||
| CVE-2025-52362 | 1 Phproxy | 1 Phproxy | 2025-07-22 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _proxurl parameter can be bypassed, allowing a remote, unauthenticated attacker to submit a specially crafted URL | ||||
| CVE-2025-46385 | 2025-07-22 | 8.6 High | ||
| CWE-918 Server-Side Request Forgery (SSRF) | ||||
| CVE-2025-52163 | 2025-07-22 | 6.5 Medium | ||
| A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This can lead to sensitive data exposure. | ||||
| CVE-2025-54122 | 2025-07-22 | 10 Critical | ||
| Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an unauthenticated attacker to bypass network isolation and access restrictions, potentially enabling access to internal services, cloud metadata endpoints, and exfiltration of sensitive data from isolated network segments. This vulnerability is fixed in version 25.7.21.2525. | ||||
| CVE-2024-7959 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2025-07-21 | 7.7 High |
| The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets. | ||||
| CVE-2024-10457 | 1 Significant-gravitas | 1 Autogpt | 2025-07-21 | N/A |
| Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. These vulnerabilities affect version agpt-platform-beta-v0.1.1. The issues arise when block inputs are controlled by untrusted sources, leading to potential credential leakage, internal network scanning, and unauthorized access to internal services, APIs, or data stores. The affected blocks include GithubListPullRequestsBlock, GithubReadPullRequestBlock, GithubAssignPRReviewerBlock, GithubListPRReviewersBlock, GithubUnassignPRReviewerBlock, GithubCommentBlock, GithubMakeIssueBlock, GithubReadIssueBlock, GithubListIssuesBlock, GithubAddLabelBlock, GithubRemoveLabelBlock, GithubListBranchesBlock, and ExtractWebsiteContentBlock. | ||||
| CVE-2025-6851 | 2 Pluginrx, Wordpress | 2 Broken Link Notifier, Wordpress | 2025-07-17 | 7.2 High |
| The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the check_url_status_code() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2024-9408 | 1 Eclipse | 1 Glassfish | 2025-07-16 | 9.8 Critical |
| In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints. | ||||
| CVE-2025-2828 | 2 Langchain, Langchain-ai | 2 Langchain, Langchain-ai/langchain | 2025-07-16 | 10.0 Critical |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28. | ||||
| CVE-2025-5817 | 1 Suhailahmad64 | 1 Amazon Products To Woocommerce | 2025-07-16 | 7.2 High |
| The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2023-48786 | 1 Fortinet | 1 Forticlientems | 2025-07-16 | 4.1 Medium |
| A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests. | ||||