Export limit exceeded: 13705 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2394 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29008 | 2026-04-15 | N/A | ||
| Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark socialmark allows Server Side Request Forgery.This issue affects SocialMark: from n/a through <= 2.0.7. | ||||
| CVE-2025-49917 | 2 Icegram, Wordpress | 2 Icegram Express, Wordpress | 2026-04-15 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery.This issue affects Icegram Express Pro: from n/a through <= 5.9.5. | ||||
| CVE-2025-61768 | 1 Kuno | 1 Kuno Cms | 2026-04-15 | N/A |
| KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external image reference, causing the server to initiate an outgoing connection to an arbitrary external URL. This can lead to information disclosure or internal network probing. Version 1.3.15 contains a fix for the issue. | ||||
| CVE-2025-68030 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.2 High |
| Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through <= 1.1.5. | ||||
| CVE-2025-53250 | 2026-04-15 | N/A | ||
| Server-Side Request Forgery (SSRF) vulnerability in Chartbeat Chartbeat chartbeat allows Server Side Request Forgery.This issue affects Chartbeat: from n/a through <= 2.0.7. | ||||
| CVE-2025-60181 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Server Side Request Forgery.This issue affects Silencesoft RSS Reader: from n/a through <= 0.6. | ||||
| CVE-2025-64430 | 1 Parse Community | 1 Parse Server | 2026-04-15 | 7.5 High |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File with uri parameter, allowing execution of an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is provided in the request. A request to the provided URI is executed, but the response is not stored in Parse Server's file storage as the server crashes upon receiving the response. This issue is fixed in versions 7.5.4 and 8.4.0-alpha.1. | ||||
| CVE-2025-59437 | 1 Fedorindutny | 1 Ip | 2026-04-15 | 3.2 Low |
| The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection attempts to the IP address 0 (interpreted as 0.0.0.0) are blocked with error messages such as net::ERR_ADDRESS_INVALID. However, in some situations that depend on both application version and operating system, connection attempts to 0 and 0.0.0.0 are considered connection attempts to 127.0.0.1 (and, for this reason, a false value of isPublic would be preferable). | ||||
| CVE-2025-59436 | 1 Fedorindutny | 1 Ip | 2026-04-15 | 3.2 Low |
| The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. | ||||
| CVE-2025-69299 | 2 Laborator, Wordpress | 2 Oxygen, Wordpress | 2026-04-15 | 7.2 High |
| Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8. | ||||
| CVE-2025-59138 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy genemy allows Server Side Request Forgery.This issue affects Genemy: from n/a through <= 1.6.6. | ||||
| CVE-2025-47437 | 2 Litespeed Technologies, Wordpress | 2 Litespeed Cache, Wordpress | 2026-04-15 | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 7.0.1. | ||||
| CVE-2025-58203 | 2 Solacewp, Wordpress | 2 Solace Extra, Wordpress | 2026-04-15 | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra solace-extra allows Server Side Request Forgery.This issue affects Solace Extra: from n/a through <= 1.3.2. | ||||
| CVE-2025-57814 | 1 Azu | 1 Request-filtering-agent | 2026-04-15 | N/A |
| request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to potentially access internal HTTPS services running on localhost, bypassing the library's SSRF protection. The vulnerability is particularly dangerous when the application accepts user-controlled URLs and internal services are only protected by network-level restrictions. This vulnerability has been fixed in request-filtering-agent version 2.0.0. Users should upgrade to version 2.0.0 or later. | ||||
| CVE-2025-54924 | 1 Schneider-electric | 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports | 2026-04-15 | 7.5 High |
| CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint. | ||||
| CVE-2025-54370 | 1 Phpoffice | 1 Phpspreadsheet | 2026-04-15 | N/A |
| PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class, where a crafted string from the user is passed to the HTML reader. This issue has been patched in versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0. | ||||
| CVE-2023-46295 | 1 Teledyne | 1 Flir M300 | 2026-04-15 | 9.8 Critical |
| An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can occur in the web server. An attacker can exploit this by sending a POST request to the vulnerable PHP page. An attacker can elevate to root permissions with Sudo. | ||||
| CVE-2025-52967 | 1 Lfprojects | 1 Mlflow | 2026-04-15 | 5.8 Medium |
| gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | ||||
| CVE-2025-62988 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3. | ||||
| CVE-2024-5021 | 1 Nimble3 | 1 Wordpress Picture\/portfolio\/media Gallery | 2026-04-15 | 9.3 Critical |
| The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||