| Vulnerability Name |
CVE
CWE
|
CWE |
Severity |
|
Adminer Server Side Request Forgery (SSRF)
|
CVE-2021-21311
CWE-918
|
CWE-918
|
Medium
|
|
Apache HTTP Server mod_proxy SSRF (CVE-2021-40438)
|
CVE-2021-40438
CWE-918
|
CWE-918
|
High
|
|
Apache mod_jk access control bypass
|
CVE-2018-11759
CWE-918
|
CWE-918
|
Medium
|
|
Apache OFBiz SSRF (CVE-2023-50968)
|
CVE-2023-50968
CWE-918
|
CWE-918
|
High
|
|
Apache Solr SSRF CVE-2017-3164
|
CWE-918
|
CWE-918
|
Medium
|
|
Appwrite favicon SSRF (CVE-2023-27159)
|
CVE-2023-27159
CWE-918
|
CWE-918
|
High
|
|
Atlassian OAuth Plugin IconUriServlet SSRF
|
CVE-2017-9506
CWE-918
|
CWE-918
|
High
|
|
Auxiliary systems SSRF
|
CWE-918
|
CWE-918
|
High
|
|
ChatGPT-Next-Web SSRF (CVE-2023-49785)
|
CVE-2023-49785
CWE-918
|
CWE-918
|
Critical
|
|
Cloud metadata publicly exposed
|
CWE-918
|
CWE-918
|
High
|
|
Edge Side Include injection
|
CWE-918
|
CWE-918
|
High
|
|
Ext JS arbitrary file read
|
CWE-22
|
CWE-22
|
High
|
|
GeoServer SSRF (CVE-2021-40822)
|
CVE-2021-40822
CWE-918
|
CWE-918
|
High
|
|
GeoServer WMS SSRF (CVE-2023-43795)
|
CVE-2023-43795
CWE-918
|
CWE-918
|
High
|
|
Gitlab CI Lint SSRF
|
CWE-918
|
CWE-918
|
Medium
|
|
Grafana avatar SSRF
|
CVE-2020-13379
CWE-78
|
CWE-78
|
High
|
|
Hasura GraphQL API without authentication
|
CWE-200
|
CWE-200
|
Medium
|
|
HTTP/2 pseudo-header server side request forgery
|
CWE-918
|
CWE-918
|
High
|
|
imgproxy SSRF (CVE-2023-30019)
|
CVE-2023-30019
CWE-918
|
CWE-918
|
Medium
|
|
Jira Unauthorized SSRF via REST API
|
CVE-2019-8451
CWE-918
|
CWE-918
|
High
|
|
Keycloak request_uri SSRF (CVE-2020-10770)
|
CVE-2020-10770
CWE-918
|
CWE-918
|
Medium
|
|
Liferay XMLRPC Blind SSRF
|
CWE-918
|
CWE-918
|
Medium
|
|
Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability
|
CVE-2021-26855
CWE-918
|
CWE-918
|
High
|
|
Next.js image Blind SSRF
|
CWE-918
|
CWE-918
|
Medium
|
|
Openfire Admin Console Full Read SSRF
|
CVE-2019-18394
CWE-918
|
CWE-918
|
High
|
|
Oracle Business Intelligence ReportTemplateService XXE CVE-2019-2616
|
CWE-611
|
CWE-611
|
High
|
|
Oracle E-Business Suite SSRF (CVE-2017-10246)
|
CVE-2017-10246
CWE-918
|
CWE-918
|
High
|
|
Oracle E-Business Suite SSRF (CVE-2018-3167)
|
CVE-2018-3167
CWE-918
|
CWE-918
|
Medium
|
|
Oracle Weblogic T3 XXE (CVE-2019-2647)
|
CVE-2019-2647
CWE-611
|
CWE-611
|
High
|
|
Oracle Weblogic T3 XXE (CVE-2019-2888)
|
CVE-2019-2888
CWE-611
|
CWE-611
|
High
|
|
Paperclip gem SSRF (Server side request forgery)
|
CVE-2017-0889
CWE-918
|
CWE-918
|
High
|
|
Reverse proxy misrouting
|
CWE-918
|
CWE-918
|
High
|
|
Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF)
|
CWE-918
|
CWE-918
|
Medium
|
|
SAML Consumer Service External Dereference SSRF
|
CWE-918
|
CWE-918
|
High
|
|
SAML Consumer Service XSLT injection
|
CWE-91
|
CWE-91
|
High
|
|
SAP BO BIP SSRF (CVE-2020-6308)
|
CWE-918
|
CWE-918
|
Medium
|
|
SAP NetWeaver ipcpricing server side request forgery
|
CWE-918
|
CWE-918
|
High
|
|
SAP NW DI SSRF vulnerability (CVE-2021-33690)
|
CVE-2021-33690
CWE-918
|
CWE-918
|
High
|
|
Server-Side Request Forgery
|
CWE-918
|
CWE-918
|
Critical
|
|
Skype for Business SSRF (CVE-2023-41763)
|
CVE-2023-41763
CWE-918
|
CWE-918
|
High
|
|
SOAP WS-Addressing SSRF
|
CWE-918
|
CWE-918
|
Medium
|
|
SSRF in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-21893)
|
CVE-2024-21893
CWE-918
|
CWE-918
|
High
|
|
SSRF in Server-Side Rendering
|
CWE-918
|
CWE-918
|
High
|
|
SSRF via logo_uri in MITREid Connect
|
CVE-2021-26715
CWE-918
|
CWE-918
|
High
|
|
TorchServe Management API SSRF (CVE-2023-43654)
|
CVE-2023-43654
CWE-918
|
CWE-918
|
Critical
|
|
VMware vCenter vcavbootstrap Arbitrary File Read
|
|
|
High
|
|
VMware vRealize Operations Server Side Request Forgery (SSRF) vulnerability
|
CVE-2021-21975
CWE-918
|
CWE-918
|
High
|
|
WebLogic Server Side Request Forgery
|
CVE-2014-4241
CVE-2014-4210
CVE-2014-4242
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin All in One Social Lite Server-Side Request Forgery (1.0)
|
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Canto Multiple Server-Side Request Forgery Vulnerabilities (1.7.0)
|
CVE-2020-28976
CVE-2020-28977
CVE-2020-28978
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Craw Data Server-Side Request Forgery (1.0.0)
|
CVE-2022-2912
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Dropbox Folder Share Server-Side Request Forgery (1.9.7)
|
CVE-2023-3025
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Essential Addons for Elementor Server-Side Request Forgery (2.9.8)
|
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Flog Server-Side Request Forgery (1.0beta3)
|
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Google Forms Server-Side Request Forgery (0.91)
|
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Import all XML, CSV & TXT into WordPress Server-Side Request Forgery (6.5.2)
|
CVE-2022-1977
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Import XML and RSS Feeds Server-Side Request Forgery (2.0.2)
|
CVE-2020-24148
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin jRSS Widget Server-Side Request Forgery (1.2)
|
CVE-2014-9292
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin JSM file_get_contents() Shortcode Server-Side Request Forgery (2.7.0)
|
CVE-2023-6991
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Like Button Rating-LikeBtn Server-Side Request Forgery (2.6.31)
|
CVE-2021-24150
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Mapplic-Custom Interactive Map Server-Side Request Forgery (6.1)
|
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Mapplic Lite Server-Side Request Forgery (1.0)
|
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Nelio AB Testing Server-Side Request Forgery (4.5.10)
|
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin PhonePe Payment Solutions Server-Side Request Forgery (1.0.15)
|
CVE-2022-45835
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Server-Side Request Forgery (4.2.5)
|
CVE-2023-6294
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Server-Side Request Forgery (2.1.6)
|
CVE-2022-2352
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5)
|
CVE-2019-11565
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Server-Side Request Forgery (1.0.95)
|
CVE-2022-36376
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin RSS Aggregator by Feedzy-Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Server-Side Request Forgery (4.4.7)
|
CVE-2023-6805
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin RSVPMaker Server-Side Request Forgery (8.7.2)
|
CVE-2021-24371
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Telefication Server-Side Request Forgery (1.8.0)
|
CVE-2021-39339
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin W3 Total Cache Server-Side Request Forgery (0.9.7.3)
|
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Web Stories Server-Side Request Forgery (1.24.0)
|
CVE-2022-3708
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin Wordpress Picture/Portfolio/Media Gallery Server-Side Request Forgery (3.0.1)
|
CVE-2024-5021
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin WPCafe-Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce Server-Side Request Forgery (2.2.23)
|
CVE-2024-1855
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin WP Smart Import: Import any XML File to WordPress Server-Side Request Forgery (1.0.0)
|
CVE-2020-24147
CWE-918
|
CWE-918
|
High
|
|
WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Server-Side Request Forgery (3.4.3)
|
CVE-2024-4469
CWE-918
|
CWE-918
|
High
|
|
WordPress Server-Side Request Forgery (3.7 - 6.1.1)
|
CVE-2022-3590
CWE-918
|
CWE-918
|
High
|
|
Zimbra Collaboration Suite SSRF (CVE-2020-7796)
|
CVE-2020-7796
CWE-918
|
CWE-918
|
High
|
