Weaknesses of type CWE-918

2,157 results
CVE-2017-11149 | Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 | EPSS 1.6%
CVE-2023-21761 | HIGH | Microsoft Exchange Server Information Disclosure Vulnerability | EPSS 1.6%
CVE-2025-55150 | HIGH | Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf | EPSS 1.6%
CVE-2025-36845 | HIGH | An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SS | EPSS 1.6%
CVE-2021-29102 | CRITICAL | There is a Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server Manager version 10.8.1 and below. | EPSS 1.6%
CVE-2024-40898 | CRITICAL | Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows | EPSS 1.5%
CVE-2022-2216 | CRITICAL | Server-Side Request Forgery (SSRF) in ionicabizau/parse-url | EPSS 1.5%
CVE-2019-1872 | MEDIUM | Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability | EPSS 1.5%
CVE-2022-1379 | HIGH | URL Restriction Bypass in plantuml/plantuml | EPSS 1.5%
CVE-2025-47733 | CRITICAL | Microsoft Power Apps Information Disclosure Vulnerability | EPSS 1.5%
CVE-2023-6974 | HIGH | Server-Side Request Forgery (SSRF) | EPSS 1.5%
CVE-2026-45298 | HIGH | Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy) | EPSS 1.5%
CVE-2023-37379 | Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature | EPSS 1.5%
CVE-2022-2339 | CRITICAL | Server-Side Request Forgery (SSRF) in nocodb/nocodb | EPSS 1.5%
CVE-2021-22970 | Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to | EPSS 1.4%
CVE-2022-4096 | HIGH | Server-Side Request Forgery (SSRF) in appsmithorg/appsmith | EPSS 1.4%
CVE-2024-54330 | HIGH | WordPress Hurrakify plugin <= 2.4 - Server Side Request Forgery (SSRF) vulnerability | EPSS 1.4%
CVE-2021-36396 | HIGH | In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a b | EPSS 1.4%
CVE-2024-36675 | CRITICAL | LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. | EPSS 1.4%
CVE-2017-11148 | Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to acc | EPSS 1.4%