Weaknesses of type CWE-918

2,203 results
CVE-2025-58962MEDIUMWordPress Publitio Plugin <= 2.2.1 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2026-27023MEDIUMTwenty: SSRF protection bypass via HTTP redirect following in secure HTTP clientEPSS 0.2%CVE-2026-24767MEDIUMNocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL FunctionalityEPSS 0.2%CVE-2026-1343HIGHSecurity Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify AccessEPSS 0.2%CVE-2026-45609HIGHmcp-security: Unvalidated URL Fetching (SSRF)EPSS 0.2%CVE-2026-39418MEDIUMMaxKB: SSRF via sandbox network hook bypassEPSS 0.2%CVE-2026-44971HIGHGuardDog: Blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltrationEPSS 0.2%CVE-2026-48998MEDIUMguzzlehttp/psr7 has Host Confusion via Authority ReinterpretationEPSS 0.2%CVE-2026-45012HIGHApostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widgetEPSS 0.2%CVE-2025-14438MEDIUMXagio SEO <= 7.1.0.30 - Authenticated (Subscriber+) Server-Side Request ForgeryEPSS 0.2%CVE-2025-59809MEDIUMA server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.EPSS 0.2%CVE-2025-60161MEDIUMWordPress ZoloBlocks Plugin <= 2.3.11 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2026-53944MEDIUMGhost: Private IP filtering bypass to make server-side requests to internal servicesEPSS 0.2%CVE-2026-41195MEDIUMmosparo: Rule package source URL stored SSRF enables internal HTTP probingEPSS 0.2%CVE-2026-54299HIGHAstro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPageFetch default + unvalidated createRequestFromNodeRequest URL)EPSS 0.2%CVE-2026-22662MEDIUMprompts.chat Blind SSRF via media-generateEPSS 0.2%CVE-2026-12992HIGHApicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validationEPSS 0.2%CVE-2026-0932MEDIUMBlind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server befoEPSS 0.2%CVE-2025-12560MEDIUMBlog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_urlEPSS 0.2%CVE-2026-6215MEDIUMDbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgeryEPSS 0.2%