Total
2425 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8267 | 2 Felipperegazio, Ssrfcheck | 2 Ssrf Check, Ssrfcheck | 2025-08-07 | 8.2 High |
| Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craft requests targeting these multicast addresses. | ||||
| CVE-2024-9870 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 4.3 Medium |
| An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services. | ||||
| CVE-2025-6087 | 2 Cloudflare, Opennextjs | 2 Create-cloudflare, Opennext For Cloudflare | 2025-08-06 | 9.1 Critical |
| A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /_next/image endpoint. This issue allowed attackers to load remote resources from arbitrary hosts under the victim site’s domain for any site deployed using the Cloudflare adapter for Open Next. For example: https://victim-site.com/_next/image?url=https://attacker.com In this example, attacker-controlled content from attacker.com is served through the victim site’s domain (victim-site.com), violating the same-origin policy and potentially misleading users or other services. Impact: * SSRF via unrestricted remote URL loading * Arbitrary remote content loading * Potential internal service exposure or phishing risks through domain abuse Mitigation: The following mitigations have been put in place: * Server side updates to Cloudflare’s platform to restrict the content loaded via the /_next/image endpoint to images. The update automatically mitigates the issue for all existing and any future sites deployed to Cloudflare using the affected version of the Cloudflare adapter for Open Next * Root cause fix https://github.com/opennextjs/opennextjs-cloudflare/pull/727 to the Cloudflare adapter for Open Next. The patched version of the adapter is found here @opennextjs/cloudflare@1.3.0 https://www.npmjs.com/package/@opennextjs/cloudflare/v/1.3.0 * Package dependency update https://github.com/cloudflare/workers-sdk/pull/9608 to create-cloudflare (c3) to use the fixed version of the Cloudflare adapter for Open Next. The patched version of create-cloudflare is found here: create-cloudflare@2.49.3 https://www.npmjs.com/package/create-cloudflare/v/2.49.3 In addition to the automatic mitigation deployed on Cloudflare’s platform, we encourage affected users to upgrade to @opennext/cloudflare v1.3.0 and use the remotePatterns https://nextjs.org/docs/pages/api-reference/components/image#remotepatterns filter in Next config https://nextjs.org/docs/pages/api-reference/components/image#remotepatterns if they need to allow-list external urls with images assets. | ||||
| CVE-2023-6195 | 1 Gitlab | 1 Gitlab | 2025-08-05 | 2.6 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository. | ||||
| CVE-2025-31490 | 1 Agpt | 1 Autogpt Platform | 2025-08-05 | 7.5 High |
| AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardening the application against SSRF. The code for this wrapper can be found in autogpt_platform/backend/backend/util/request.py. The requested hostname of a URL which is being requested is validated, ensuring that it does not resolve to any local ipv4 or ipv6 addresses. However, this check is not sufficient, as a DNS server may initially respond with a non-blocked address, with a TTL of 0. This means that the initial resolution would appear as a non-blocked address. In this case, validate_url() will return the url as successful. After validate_url() has successfully returned the url, the url is then passed to the real request() function. When the real request() function is called with the validated url, request() will once again resolve the address of the hostname, because the record will not have been cached (due to TTL 0). This resolution may be in the "invalid range". This type of attack is called a "DNS Rebinding Attack". This vulnerability is fixed in 0.6.1. | ||||
| CVE-2025-0454 | 2 Agpt, Significant-gravitas | 2 Autogpt Platform, Autogpt | 2025-08-05 | 7.5 High |
| A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the `urlparse` function from the `urllib.parse` library and the `requests` library. A malicious user can exploit this by submitting a specially crafted URL, such as `http://localhost:\@google.com/../`, to bypass the SSRF check and perform an SSRF attack. | ||||
| CVE-2025-54381 | 1 Bentoml | 1 Bentoml | 2025-08-05 | 9.9 Critical |
| BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP requests. The vulnerability stems from the multipart form data and JSON request handlers, which automatically download files from user-provided URLs without validating whether those URLs point to internal network addresses, cloud metadata endpoints, or other restricted resources. The documentation explicitly promotes this URL-based file upload feature, making it an intended design that exposes all deployed services to SSRF attacks by default. Version 1.4.19 contains a patch for the issue. | ||||
| CVE-2025-52567 | 1 Glpi-project | 1 Glpi | 2025-08-04 | 3.5 Low |
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided since GLPI 10.0.4 were not robust enough for certain specific cases. This is fixed in version 10.0.19. | ||||
| CVE-2024-52598 | 2 2fauth, Bubka | 2 2fauth, 2fauth | 2025-08-04 | 7.5 High |
| 2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the image of a 2fa site. By abusing this functionality, it is possible to force the application to make a GET request to an arbitrary URL, whose content will be stored in an image file in the server if it looks like an image. Additionally, the library does some basic validation on the URI, attempting to filter our URIs which do not have an image extension. However, this can be easily bypassed by appending the string `#.svg` to the URI. The combination of these two issues allows an attacker to retrieve URIs accessible from the application, as long as their content type is text based. If not, the request is still sent, but the response is not reflected to the attacker. Version 5.4.1 fixes the issues. | ||||
| CVE-2024-12882 | 1 Comfy | 1 Comfyui | 2025-08-01 | N/A |
| comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `POST /internal/models/download` and `GET /view`, allowing attackers to abuse the victim server's credentials to access unauthorized web resources. | ||||
| CVE-2025-27774 | 1 Applio | 1 Applio | 2025-08-01 | 5.3 Medium |
| Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 156 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The blind SSRF can also be coupled with the an arbitrary file read (e.g., CVE-2025-27784) to read files from hosts on the internal network, that the Applio server can reach, which would make it a full SSRF. The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. As of time of publication, no known patches are available. | ||||
| CVE-2025-27775 | 1 Applio | 1 Applio | 2025-08-01 | 5.3 Medium |
| Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 143 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. As of time of publication, no known patches are available. | ||||
| CVE-2025-27776 | 1 Applio | 1 Applio | 2025-08-01 | 5.3 Medium |
| Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 240 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The blind SSRF can also be coupled with the arbitrary file read CVE-2025-27784 to read files from hosts on the internal network, that the Applio server can reach, which would make it a full SSRF. The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. As of time of publication, no known patches are available. | ||||
| CVE-2025-27777 | 1 Applio | 1 Applio | 2025-08-01 | 7.5 High |
| Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) in `model_download.py` (line 195 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The blind SSRF can also be coupled with a arbitrary file read (e.g., CVE-2025-27784) to read files from hosts on the internal network, that the Applio server can reach, which would make it a full SSRF. As of time of publication, no known patches are available. | ||||
| CVE-2024-12392 | 1 Binary-husky | 1 Gpt Academic | 2025-07-31 | N/A |
| A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL, including internal services, and read the response. This can be used to access data that are only accessible from the server, such as AWS metadata credentials, and can escalate local exploits to network-based attacks. | ||||
| CVE-2024-12376 | 1 Lm-sys | 1 Fastchat | 2025-07-31 | N/A |
| A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials. | ||||
| CVE-2025-2243 | 1 Bitdefender | 1 Gravityzone | 2025-07-30 | 7.3 High |
| A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1. | ||||
| CVE-2024-10044 | 1 Lm-sys | 1 Fastchat | 2025-07-29 | N/A |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint. | ||||
| CVE-2024-2206 | 1 Gradio Project | 1 Gradio | 2025-07-29 | 6.5 Medium |
| An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header in requests to the `/` and `/config` routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the `build_proxy_request` function. | ||||
| CVE-2024-11603 | 1 Lm-sys | 1 Fastchat | 2025-07-29 | N/A |
| A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the `/queue/join?` endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal networks or the AWS metadata endpoint, potentially exposing sensitive data and compromising internal servers. | ||||