Total
1835 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32691 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.4. | ||||
| CVE-2024-37208 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7. | ||||
| CVE-2024-6922 | 1 Automationanywhere | 1 Automation 360 | 2025-07-13 | N/A |
| Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server. | ||||
| CVE-2024-13957 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-07-13 | 7.6 High |
| SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2025-46503 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid allows Server Side Request Forgery. This issue affects Simple Google Photos Grid: from n/a through 1.5. | ||||
| CVE-2024-54385 | 1 Softlab | 1 Radio Player | 2025-07-13 | 7.2 High |
| Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through 2.0.82. | ||||
| CVE-2024-30531 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.This issue affects Nelio Content: from n/a through 3.2.0. | ||||
| CVE-2024-27775 | 1 Sysaid | 1 Sysaid | 2025-07-13 | 7.2 High |
| SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash | ||||
| CVE-2024-4894 | 1 Itpison | 1 Omicard Edm | 2025-07-13 | 5.3 Medium |
| ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information. | ||||
| CVE-2025-23221 | 1 Dahlia | 1 Fedify | 2025-07-13 | 5.4 Medium |
| Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim’s server into an infinite loop causing Denial of Service. Moreover, this issue can also be maneuvered into performing a Blind SSRF attack. This vulnerability is fixed in 1.0.14, 1.1.11, 1.2.11, and 1.3.4. | ||||
| CVE-2024-13856 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Your Friendly Drag and Drop Page Builder — Make Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.10 via the make_builder_ajax_subscribe() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2024-41664 | 1 Thinkst | 1 Canarytokens | 2025-07-12 | 5.4 Medium |
| Canarytokens help track activity and actions on a network. Prior to `sha-8ea5315`, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a Canarytoken is first created, the site will make a test request to the supplied URL to ensure it accepts alert notification HTTP requests. No safety checks were performed on the URL, leading to a Server-Side Request Forgery vulnerability. The SSRF is Blind because the content of the response is not displayed to the creating user; they are simply told whether an error occurred in making the test request. Using the Blind SSRF, it was possible to map out open ports for IPs inside the Canarytokens.org infrastructure. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after `sha-097d91a`. | ||||
| CVE-2024-33592 | 2 Softlab, Wordpress | 2 Radio Player, Wordpress | 2025-07-12 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. | ||||
| CVE-2025-30914 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio Metform allows Server Side Request Forgery. This issue affects Metform: from n/a through 3.9.2. | ||||
| CVE-2024-39637 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Server Side Request Forgery (SSRF) vulnerability in Pixelcurve Edubin edubin.This issue affects Edubin: from n/a through 9.2.0. | ||||
| CVE-2024-33627 | 1 Cusmin | 1 Absolutely Glamorous Custom Admin | 2025-07-12 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2. | ||||
| CVE-2024-36458 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-12 | N/A |
| The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. | ||||
| CVE-2025-1662 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2024-8099 | 2 Duckdb, Vanna-ai | 2 Duckdb, Vanna | 2025-07-12 | N/A |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability by submitting crafted SQL queries that leverage DuckDB's default features, such as `read_csv`, `read_csv_auto`, `read_text`, and `read_blob`, to make unauthorized requests to internal or external resources. This can lead to unauthorized access to sensitive data, internal systems, and potentially further attacks. | ||||
| CVE-2025-46531 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper (formerly WPFlyLeads) allows Server Side Request Forgery. This issue affects WP AVCL Automation Helper (formerly WPFlyLeads): from n/a through 3.4. | ||||