Total
2097 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4967 | 1 Esri | 1 Portal For Arcgis | 2025-12-15 | 9.1 Critical |
| Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections. | ||||
| CVE-2025-11970 | 1 Wordpress | 1 Wordpress | 2025-12-15 | 4.4 Medium |
| The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibot_call_webhook_with_error() and emplibot_process_zip_data() functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-13281 | 1 Kubernetes | 1 Kubernetes | 2025-12-15 | 5.8 Medium |
| A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services). | ||||
| CVE-2025-43747 | 1 Liferay | 2 Digital Experience Platform, Dxp | 2025-12-12 | 6.5 Medium |
| A server-side request forgery (SSRF) vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by change the domain and bypassing the validation method, this insecure validation is not distinguishing between trusted subdomains and malicious domains. | ||||
| CVE-2025-43763 | 1 Liferay | 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more | 2025-12-12 | 6.5 Medium |
| A server-side request forgery (SSRF) vulnerability exist in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 that affects custom object attachment fields. This flaw allows an attacker to manipulate the application into making unauthorized requests to other instances, creating new object entries that link to external resources. | ||||
| CVE-2020-36884 | 1 Brightsign | 1 Digital Signage Diagnostic Web Server | 2025-12-12 | N/A |
| BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts. | ||||
| CVE-2025-11467 | 2 Themeisle, Wordpress | 2 Rss Aggregator By Feedzy, Wordpress | 2025-12-12 | 5.8 Medium |
| The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzy_lazy_load function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-12832 | 1 Ibm | 1 Infosphere Information Server | 2025-12-10 | 4.6 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-59775 | 2 Apache, Microsoft | 2 Http Server, Windows | 2025-12-10 | 7.5 High |
| Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue. | ||||
| CVE-2025-65958 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2025-12-10 | 8.5 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. This vulnerability is fixed in 0.6.37. | ||||
| CVE-2025-60319 | 1 Perfree | 1 Perfreeblog | 2025-12-09 | 6.5 Medium |
| PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java). | ||||
| CVE-2025-14116 | 1 Yuxi-know Project | 1 Yuxi-know | 2025-12-08 | 4.7 Medium |
| A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument health_url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The patch is named 0ff771dc1933d5a6b78f804115e78a7d8625c3f3. To fix this issue, it is recommended to deploy a patch. The vendor responded with a vulnerability confirmation and a list of security measures they have established already (e.g. disabled URL parsing, disabled URL upload mode, removed URL-to-markdown conversion). | ||||
| CVE-2025-62763 | 1 Zimbra | 1 Collaboration | 2025-12-08 | 5 Medium |
| Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat proxy. | ||||
| CVE-2025-22399 | 1 Dell | 1 Utility Configuration Collector Edge | 2025-12-06 | 7.9 High |
| Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery | ||||
| CVE-2024-53696 | 1 Qnap | 3 Qts, Qulog Center, Quts Hero | 2025-12-06 | 4.9 Medium |
| A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.829 ( 2024/10/01 ) and later QuLog Center 1.8.0.888 ( 2024/10/15 ) and later QTS 4.5.4.2957 build 20241119 and later QuTS hero h4.5.4.2956 build 20241119 and later | ||||
| CVE-2017-1000237 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 9.8 Critical |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | ||||
| CVE-2018-1000138 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 9.1 Critical |
| I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. | ||||
| CVE-2018-1000124 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 10.0 Critical |
| I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea. | ||||
| CVE-2025-20388 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-12-05 | 2.7 Low |
| In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment. | ||||
| CVE-2025-13809 | 1 Orionsec | 1 Orion-ops | 2025-12-04 | 6.3 Medium |
| A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way. | ||||