CVE-2025-3192

HIGH Year: 2025
CVSS v3 Score
8.2
High
Weakness Type
CWE-918
View all →

Vulnerability Description

Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories.

Related Vulnerabilities

CVE-2015-8813

HIGH
CVSS:8.2(High)

The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via...

CWE-9182015

CVE-2020-13379

HIGH
CVSS:8.2(High)

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL an...

CWE-9182020

CVE-2020-7739

HIGH
CVSS:8.2(High)

This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack.

CWE-9182020

CVE-2022-24129

HIGH
CVSS:8.2(High)

The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to intera...

CWE-9182022

CVE-2022-3172

HIGH
CVSS:8.2(High)

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as for...

CWE-9182022