Export limit exceeded: 34573 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2727 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1662 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2024-8099 | 2 Duckdb, Vanna-ai | 2 Duckdb, Vanna | 2025-07-12 | N/A |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability by submitting crafted SQL queries that leverage DuckDB's default features, such as `read_csv`, `read_csv_auto`, `read_text`, and `read_blob`, to make unauthorized requests to internal or external resources. This can lead to unauthorized access to sensitive data, internal systems, and potentially further attacks. | ||||
| CVE-2025-46531 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper (formerly WPFlyLeads) allows Server Side Request Forgery. This issue affects WP AVCL Automation Helper (formerly WPFlyLeads): from n/a through 3.4. | ||||
| CVE-2024-56275 | 2 Envato, Wordpress | 2 Envato Elements, Wordpress | 2025-07-12 | 4.1 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14. | ||||
| CVE-2024-13879 | 2 Wordpress, Xwp | 2 Wordpress, Stream | 2025-07-12 | 5.5 Medium |
| The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. | ||||
| CVE-2024-2365 | 1 Musicshelf | 1 Musicshelf | 2025-07-12 | 1.6 Low |
| A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability. | ||||
| CVE-2024-45317 | 1 Sonicwall | 1 Sma1000 | 2025-07-12 | 7.5 High |
| A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address. | ||||
| CVE-2024-43989 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid allows Server Side Request Forgery.This issue affects Justified Image Grid: from n/a through 4.6.1. | ||||
| CVE-2025-30976 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in wpdive Nexa Blocks allows Server Side Request Forgery. This issue affects Nexa Blocks: from n/a through 1.1.0. | ||||
| CVE-2024-29021 | 1 Judge0 | 1 Judge0 | 2025-07-12 | 9.1 Critical |
| Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the target machine. This vulnerability is fixed in 1.13.1. | ||||
| CVE-2024-44055 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in NotFound Oshine Modules. This issue affects Oshine Modules: from n/a through n/a. | ||||
| CVE-2024-35172 | 2 Shortpixel, Wordpress | 2 Shortpixel Adaptive Images, Wordpress | 2025-07-12 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3. | ||||
| CVE-2024-13857 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.5 Medium |
| The WPGet API – Connect to any external REST API plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. | ||||
| CVE-2024-32819 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue affects Culqi: from n/a through 3.0.14. | ||||
| CVE-2024-30453 | 2 Brave, Wordpress | 2 Brave Popup Builder, Wordpress | 2025-07-12 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.6.5. | ||||
| CVE-2024-25915 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2. | ||||
| CVE-2024-38758 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4. | ||||
| CVE-2024-31461 | 1 Makeplane | 1 Plane | 2025-07-12 | 9.1 Critical |
| Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests. | ||||
| CVE-2024-13190 | 1 Zerowdd | 1 Myblog | 2025-07-12 | 6.3 Medium |
| A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-0862 | 1 Proofpoint | 1 Enterprise Protection | 2025-07-12 | 5 Medium |
| The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses. | ||||