Export limit exceeded: 364922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (3807 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-70042 2 Opensourcelabs, Oslabs-beta 2 Thermakube, Thermakube 2026-03-18 9.8 Critical
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.
CVE-2025-48418 1 Fortinet 6 Fortianalyzer, Fortianalyzer Cloud, Fortianalyzercloud and 3 more 2026-03-12 6.4 Medium
A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command.
CVE-2025-68613 1 N8n 1 N8n 2026-03-12 10 Critical
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
CVE-2025-9522 1 Tp-link 1 Omada Controller 2026-03-11 5.3 Medium
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information.
CVE-2021-22054 1 Vmware 1 Workspace One Uem Console 2026-03-11 7.5 High
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
CVE-2025-45691 2 Explodinggradients, Vibrantlabsai 2 Ragas, Ragas 2026-03-10 7.5 High
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.
CVE-2025-69219 1 Apache 2 Airflow Providers Http, Apache-airflow-providers-http 2026-03-10 8.8 High
A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.
CVE-2025-36243 1 Ibm 1 Concert 2026-03-10 5.4 Medium
IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2023-34104 2 Naturalintelligence, Redhat 2 Fast-xml-parser, Migration Toolkit Applications 2026-03-09 7.5 High
fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performing regex and utilizing it in the entity replacement step of the parser, this can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users are advised to upgrade. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option.
CVE-2025-14516 1 Yalantis 1 Ucrop 2026-03-05 6.3 Medium
A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-64427 2 Icewhaletech, Zimaspace 2 Zimaos, Zimaos 2026-03-05 7.1 High
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses (e.g., 127.0.0.1, localhost, or private network ranges). This allows the attacker to interact with internal HTTP/HTTPS services that are not intended to be exposed externally or to local users. No known patch is publicly available.
CVE-2025-34469 1 Cowrie 1 Cowrie 2026-03-05 7.5 High
Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no outbound request rate limiting was enforced, unauthenticated remote attackers could repeatedly invoke these commands to generate unbounded HTTP traffic toward arbitrary third-party targets, allowing the Cowrie honeypot to be abused as a denial-of-service amplification node and masking the attacker’s true source address behind the honeypot’s IP.
CVE-2020-36944 1 Ilias 2 Ilias, Learning Management System 2026-03-05 4 Medium
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to PDF.
CVE-2024-50337 1 Chamilo 1 Chamilo Lms 2026-03-03 5.3 Medium
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.
CVE-2025-50199 1 Chamilo 1 Chamilo Lms 2026-03-03 9.1 Critical
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30.
CVE-2025-3572 1 Intumit 1 Smartrobot 2026-03-02 7.5 High
SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server.
CVE-2025-8055 1 Opentext 1 Xm Fax 2026-02-27 5.3 Medium
Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery.  The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2.
CVE-2025-50180 2 Esm, Esm-dev 2 Esm.sh, Esmsh 2026-02-27 7.5 High
esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability.
CVE-2025-21384 1 Microsoft 1 Azure Health Bot 2026-02-26 8.3 High
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
CVE-2025-29972 1 Microsoft 2 Azure Storage Resouce Provider, Azure Storage Resource Provider 2026-02-26 9.9 Critical
Server-side request forgery (ssrf) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network.