The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2023-25078 | Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. | -- | Jul 13, 2023 |
| CVE-2023-5398 | Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioning. | -- | Apr 17, 2024 |
| CVE-2023-5400 | Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | -- | Apr 17, 2024 |
| CVE-2023-5401 | Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | -- | Apr 17, 2024 |
| CVE-2023-5404 | Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | -- | Apr 17, 2024 |
| CVE-2023-5396 | Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. | -- | Apr 17, 2024 |
| CVE-2023-5393 | Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | -- | Apr 11, 2024 |
| CVE-2023-5395 | Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. | -- | Apr 17, 2024 |
| CVE-2023-5394 | Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | -- | Apr 11, 2024 |
| CVE-2023-5397 | Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | -- | Apr 17, 2024 |
| CVE-2019-11565 | Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter. | HIGH | May 1, 2019 |
| CVE-2019-12959 | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. | MEDIUM | Aug 16, 2019 |
| CVE-2019-12994 | Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. | MEDIUM | Aug 16, 2019 |
| CVE-2019-11767 | Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function. | MEDIUM | May 6, 2019 |
| CVE-2020-35205 | Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | HIGH | Jan 14, 2021 |
| CVE-2020-24327 | Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites. | MEDIUM | Sep 23, 2021 |
| CVE-2021-40537 | Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation. | MEDIUM | Sep 9, 2021 |
| CVE-2024-25187 | Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html. | -- | Apr 2, 2024 |
| CVE-2022-42494 | Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress. | -- | Nov 9, 2022 |
| CVE-2024-25864 | Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component. | -- | Apr 3, 2024 |
| CVE-2021-27312 | Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php. | -- | Apr 3, 2024 |
| CVE-2024-27707 | Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file. | -- | Mar 7, 2024 |
| CVE-2024-24028 | Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo. | -- | Mar 21, 2024 |
| CVE-2023-36088 | Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information. | -- | Sep 1, 2023 |
| CVE-2018-2370 | Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server. | MEDIUM | Feb 15, 2018 |
| CVE-2017-16678 | Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. | MEDIUM | Dec 12, 2017 |
| CVE-2020-19613 | Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. | MEDIUM | Apr 1, 2021 |
| CVE-2021-45325 | Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL. | MEDIUM | Feb 11, 2022 |
| CVE-2018-9920 | Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL. | MEDIUM | May 24, 2018 |
| CVE-2017-3164 | Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the \"shards\" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. | MEDIUM | Mar 28, 2019 |
| CVE-2021-21975 | Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. | MEDIUM | Apr 5, 2021 |
| CVE-2021-39927 | Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443 | LOW | Jan 18, 2022 |
| CVE-2021-35391 | Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL. | -- | Jul 24, 2023 |
| CVE-2017-12905 | Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | HIGH | Sep 25, 2017 |
| CVE-2024-22722 | Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. | -- | Apr 11, 2024 |
| CVE-2024-23761 | Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. | -- | Feb 15, 2024 |
| CVE-2022-39824 | Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak. | -- | Sep 9, 2022 |
| CVE-2020-24147 | Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | MEDIUM | Jul 7, 2021 |
| CVE-2018-17198 | Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: <!-- <servlet-mapping> <servlet-name>XmlRpcServlet</servlet-name> <url-pattern>/roller-services/xmlrpc</url-pattern> </servlet-mapping> --> | HIGH | Jun 11, 2019 |
| CVE-2024-2049 | Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP. | -- | Mar 12, 2024 |
| CVE-2022-4096 | Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. | -- | Nov 23, 2022 |
| CVE-2023-4624 | Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. | -- | Aug 30, 2023 |
| CVE-2022-0508 | Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832 | MEDIUM | Feb 9, 2022 |
| CVE-2022-0085 | Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. | MEDIUM | Jun 28, 2022 |
| CVE-2022-0870 | Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. | MEDIUM | Mar 11, 2022 |
| CVE-2022-1285 | Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. | MEDIUM | Jun 1, 2022 |
| CVE-2023-4878 | Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | -- | Sep 10, 2023 |
| CVE-2023-4651 | Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1. | -- | Aug 31, 2023 |
| CVE-2022-2216 | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. | HIGH | Jun 27, 2022 |
| CVE-2022-2900 | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0. | -- | Sep 16, 2022 |
