Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40500 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-40500 (CVE-2026-40500)
SSRF in CVE-2026-40500 (CVE-2026-40500). Confidential information can be exposed externally.
|
| CVE-2026-5936 |
|
SSRF (Server-Side Request Forgery) in foxit (CVE-2026-5936)
SSRF in foxit (CVE-2026-5936). Confidential information can be exposed externally.
|
| CVE-2026-40175 |
|
Vulnerability in axios (CVE-2026-40175)
vulnerability in axios (CVE-2026-40175). Risk of unauthorized operations or information disclosure. Exploitable via `GET /pings`. Mitigation: upgrade to `0.31.0` or later.
|
| CVE-2026-40089 |
|
SSRF (Server-Side Request Forgery) in c (CVE-2026-40089)
SSRF in c (CVE-2026-40089). Confidential information can be exposed externally.
|
| CVE-2026-40072 |
|
SSRF (Server-Side Request Forgery) in web3 (CVE-2026-40072)
SSRF in web3 (CVE-2026-40072). Risk of unauthorized operations or information disclosure. Exploitable via ``OffchainLookup``. Mitigation: upgrade to `8.0.0b2` or later.
|
| CVE-2025-62718 |
|
Vulnerability in axios (CVE-2025-62718)
vulnerability in axios (CVE-2025-62718). Confidential information can be exposed externally. Exploitable via ``NO_PROXY``. Mitigation: upgrade to `0.31.0` or later.
|
| CVE-2026-32591 |
|
SSRF (Server-Side Request Forgery) in redhat (CVE-2026-32591)
SSRF in redhat (CVE-2026-32591). Confidential information can be exposed externally.
|
| CVE-2026-31017 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-31017)
SSRF in ssrf (CVE-2026-31017). Confidential information can be exposed externally.
|
| CVE-2026-2377 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-2377)
SSRF in ssrf (CVE-2026-2377). Confidential information can be exposed externally.
|
| CVE-2026-5530 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-5530 (CVE-2026-5530)
SSRF in CVE-2026-5530 (CVE-2026-5530). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22664 |
|
SSRF (Server-Side Request Forgery) in fka (CVE-2026-22664)
SSRF in fka (CVE-2026-22664). Confidential information can be exposed externally. Exploitable via `Authorization header`.
|
| CVE-2026-32871 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-32871)
SSRF in ssrf (CVE-2026-32871). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2026-34881 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-34881)
SSRF in ssrf (CVE-2026-34881). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22742 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-22742)
SSRF in ssrf (CVE-2026-22742). Confidential information can be exposed externally.
|
| CVE-2026-4874 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-4874)
SSRF in ssrf (CVE-2026-4874). Risk of unauthorized operations or information disclosure. Exploitable via ``client_session_host``.
|
| CVE-2026-4366 |
|
SSRF (Server-Side Request Forgery) in redhat (CVE-2026-4366)
SSRF in redhat (CVE-2026-4366). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24316 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-24316)
SSRF in ssrf (CVE-2026-24316). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25960 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-25960)
SSRF in ssrf (CVE-2026-25960). Confidential information can be exposed externally.
|
| CVE-2021-22054 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Omnissa workspace-one-uem (CVE-2021-22054)
SSRF in Omnissa workspace-one-uem (CVE-2021-22054). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-45691 |
|
Path Traversal in vibrantlabsai (CVE-2025-45691)
path traversal in vibrantlabsai (CVE-2025-45691). Confidential information can be exposed externally.
|
| CVE-2026-29049 |
|
Vulnerability in chainguard.dev/melange (CVE-2026-29049)
vulnerability in chainguard.dev/melange (CVE-2026-29049). Risk of unauthorized operations or information disclosure. Exploitable via ``io.Copy``. Mitigation: upgrade to `0.43.4` or later.
|
| CVE-2021-22175 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in gitlab (CVE-2021-22175)
SSRF in gitlab (CVE-2021-22175). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-7796 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Synacor zimbra-collaboration-suite (CVE-2020-7796)
SSRF in Synacor zimbra-collaboration-suite (CVE-2020-7796). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-11242 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-11242)
SSRF in ssrf (CVE-2025-11242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25580 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-25580)
SSRF in ssrf (CVE-2026-25580). Confidential information can be exposed externally. Mitigation: upgrade to `1.56.0` or later.
|
| CVE-2021-39935 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Gitlab community-and-enterprise-editions (CVE-2021-39935)
SSRF in Gitlab community-and-enterprise-editions (CVE-2021-39935). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24779 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-24779)
SSRF in ssrf (CVE-2026-24779). Confidential information can be exposed externally. Exploitable via ``MediaConnector``.
|
| CVE-2025-56589 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-56589)
SSRF in ssrf (CVE-2025-56589). Confidential information can be exposed externally.
|
| CVE-2025-68616 |
|
Open Redirect in weasyprint (CVE-2025-68616)
vulnerability in weasyprint (CVE-2025-68616). Confidential information can be exposed externally. Exploitable via ``default_url_fetcher``. Mitigation: upgrade to `68.0` or later.
|
| CVE-2026-0532 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-0532 (CVE-2026-0532)
SSRF in CVE-2026-0532 (CVE-2026-0532). Confidential information can be exposed externally.
|
| CVE-2025-65784 |
|
SSRF (Server-Side Request Forgery) in hubert (CVE-2025-65784)
SSRF in hubert (CVE-2025-65784). Confidential information can be exposed externally.
|
| CVE-2025-59088 |
|
SSRF (Server-Side Request Forgery) in CVE-2025-59088 (CVE-2025-59088)
SSRF in CVE-2025-59088 (CVE-2025-59088). Confidential information can be exposed externally.
|
| CVE-2025-60898 |
|
SSRF (Server-Side Request Forgery) in c (CVE-2025-60898)
SSRF in c (CVE-2025-60898). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61884 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Oracle e-business-suite (CVE-2025-61884)
SSRF in Oracle e-business-suite (CVE-2025-61884). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-57305 |
|
VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp.
VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp.
|
| CVE-2021-21311 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in adminer (CVE-2021-21311)
SSRF in adminer (CVE-2021-21311). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-36851 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2020-36851)
SSRF in ssrf (CVE-2020-36851). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-5260 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-5260)
SSRF in ssrf (CVE-2025-5260). Confidential information can be exposed externally.
|
| CVE-2025-51058 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-51058)
SSRF in ssrf (CVE-2025-51058). Confidential information can be exposed externally.
|
| CVE-2024-55399 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2024-55399)
SSRF in ssrf (CVE-2024-55399). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-45939 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-45939)
SSRF in ssrf (CVE-2025-45939). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-52163 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-52163)
SSRF in ssrf (CVE-2025-52163). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-51591 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-51591)
SSRF in ssrf (CVE-2025-51591). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-9621 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Synacor zimbra-collaboration-suite-zcs (CVE-2019-9621)
SSRF in Synacor zimbra-collaboration-suite-zcs (CVE-2019-9621). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-5276 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-5276)
SSRF in ssrf (CVE-2025-5276). Confidential information can be exposed externally.
|
| CVE-2025-25827 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-25827)
SSRF in ssrf (CVE-2025-25827). Confidential information can be exposed externally.
|
| CVE-2025-25785 |
|
SSRF (Server-Side Request Forgery) in c (CVE-2025-25785)
SSRF in c (CVE-2025-25785). Confidential information can be exposed externally.
|
| CVE-2024-55875 |
|
Information Disclosure in org.http4k:http4k-format-xml (CVE-2024-55875)
vulnerability in org.http4k:http4k-format-xml (CVE-2024-55875). Successful exploitation can lead to full system takeover. Exploitable via ``DocumentBuilderFactory``. Mitigation: upgrade to `6.50.0.0` or later.
|
| CVE-2024-21527 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2024-21527)
SSRF in ssrf (CVE-2024-21527). Confidential information can be exposed externally.
|
| CVE-2024-27620 |
|
SSRF (Server-Side Request Forgery) in CVE-2024-27620 (CVE-2024-27620)
SSRF in CVE-2024-27620 (CVE-2024-27620). Confidential information can be exposed externally.
|