Total
1743 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59346 | 2 Dragonflyoss, Linuxfoundation | 2 Dragonfly2, Dragonfly | 2025-09-18 | 5.3 Medium |
| Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery (SSRF) vulnerability that enables users to force DragonFly2’s components to make requests to internal services that are otherwise not accessible to them. The issue arises because the Manager API accepts a user-supplied URL when creating a Preheat job with weak validation, peers can trigger other peers to fetch an arbitrary URL through pieceManager.DownloadSource, and internal HTTP clients follow redirects, allowing a request to a malicious server to be redirected to internal services. This can be used to probe or access internal HTTP endpoints. The vulnerability is fixed in version 2.1.0. | ||||
| CVE-2025-10410 | 2 Rems, Sourcecodester | 2 Link Status Checker, Link Status Checker | 2025-09-18 | 6.3 Medium |
| A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2024-28435 | 1 Twenty | 1 Twenty | 2025-09-18 | 5.4 Medium |
| The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. | ||||
| CVE-2025-57055 | 1 Wondercms | 1 Wondercms | 2025-09-18 | 6.5 Medium |
| WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter. The server fetches the provided URL using curl_exec() without sufficient validation, allowing the attacker to force internal or external HTTP requests. | ||||
| CVE-2025-9862 | 1 Ghost | 1 Ghost | 2025-09-18 | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3. | ||||
| CVE-2025-44594 | 1 Halo | 1 Halo | 2025-09-17 | 9.1 Critical |
| halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url. | ||||
| CVE-2025-53767 | 1 Microsoft | 2 Azure, Azure Openai | 2025-09-17 | 10 Critical |
| Azure OpenAI Elevation of Privilege Vulnerability | ||||
| CVE-2025-53760 | 1 Microsoft | 3 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2019 | 2025-09-17 | 7.1 High |
| Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-10471 | 1 Zkeacms | 1 Zkeacms | 2025-09-17 | 6.3 Medium |
| A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2025-58045 | 1 Dataease | 1 Dataease | 2025-09-17 | N/A |
| Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not filtered, allowing attackers to exploit the DB2 JDBC connection string to trigger server-side request forgery (SSRF). In higher versions of Java, ldap deserialization (autoDeserialize) is disabled by default, preventing remote code execution, but SSRF remains exploitable. Versions up to 2.10.12 are affected. The issue is fixed in version 2.10.13. Updating to 2.10.13 or later is recommended. No known workarounds are documented aside from upgrading. | ||||
| CVE-2025-59436 | 1 Fedorindutny | 1 Ip | 2025-09-17 | 3.2 Low |
| The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. | ||||
| CVE-2025-59437 | 1 Fedorindutny | 1 Ip | 2025-09-17 | 3.2 Low |
| The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection attempts to the IP address 0 (interpreted as 0.0.0.0) are blocked with error messages such as net::ERR_ADDRESS_INVALID. However, in some situations that depend on both application version and operating system, connection attempts to 0 and 0.0.0.0 are considered connection attempts to 127.0.0.1 (and, for this reason, a false value of isPublic would be preferable). | ||||
| CVE-2025-10329 | 2 Cdevroe, Unmark | 2 Unmark, Unmark | 2025-09-16 | 6.3 Medium |
| A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-59155 | 2025-09-16 | N/A | ||
| hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter are accepted without validation, allowing attackers to redirect outbound API requests to internal network services, access internal endpoints, perform network reconnaissance, and bypass network access controls. The stdio transport mode is not affected because it only accepts stdio requests. The issue is fixed in version 1.5.0, which enforces allowed endpoints and supports the ALLOWED_HACKMD_API_URLS environment variable. Users should update to 1.5.0 or later or apply documented mitigations such as switching to stdio mode, restricting outbound network access, or filtering the Hackmd-Api-Url header and related query parameter via a reverse proxy. | ||||
| CVE-2024-1233 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus, Jbosseapxp | 2025-09-16 | 7.3 High |
| A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability. | ||||
| CVE-2025-10397 | 1 Maccms | 1 Maccms | 2025-09-15 | 4.7 Medium |
| A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forgery. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-10395 | 1 Maccms | 1 Maccms | 2025-09-15 | 4.7 Medium |
| A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely. | ||||
| CVE-2025-10393 | 1 Morphic Project | 1 Morphic | 2025-09-15 | 6.3 Medium |
| A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2025-7103 | 2 Boyun, Boyuncms Project | 2 Boyuncms, Boyuncms | 2025-09-15 | 6.3 Medium |
| A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-10453 | 2025-09-15 | 5.3 Medium | ||
| O'View MapServer developed by PilotGaea Technologies has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network. | ||||