Weaknesses of type CWE-918
2,204 resultsCVE-2026-31989MEDIUMOpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation RedirectEPSS 0.2%CVE-2026-25310MEDIUMWordPress Extend Link plugin <= 2.0.0 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2025-47483MEDIUMWordPress Easy Replace Image plugin <= 3.5.0 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2025-47464MEDIUMWordPress Solace Extra plugin <= 1.3.1 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2025-46443MEDIUMWordPress Animate plugin <= 0.5 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2026-1249MEDIUMMP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request ForgeryEPSS 0.2%CVE-2025-43763MEDIUMA server-side request forgery (SSRF) vulnerability exist in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2EPSS 0.2%CVE-2025-26990MEDIUMWordPress Royal Elementor Addons plugin <= 1.7.1006 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2026-56275MEDIUMFlowise - Server-Side Request Forgery via Execute Flow Base URLEPSS 0.2%CVE-2025-64511HIGHMaxKB has SSRF in sandboxEPSS 0.2%CVE-2025-47664MEDIUMWordPress WP Pipes <= 1.4.2 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2025-14290MEDIUMIBM webMethods Integration Sever is vulnerable to server-side request forgeryEPSS 0.2%CVE-2026-47268MEDIUMNezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard hostEPSS 0.2%CVE-2026-0746MEDIUMAI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request ForgeryEPSS 0.2%CVE-2026-12986HIGHA critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows thEPSS 0.2%CVE-2026-27170HIGHOpenSift: SSRF risk in URL ingestion endpointEPSS 0.2%CVE-2026-48522MEDIUMPyJWKClient: missing scheme allowlist enables SSRF + token forgery via file://, ftp://, data: schemesEPSS 0.2%CVE-2026-57627MEDIUMWordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2025-7843MEDIUMAuto Save Remote Images (Drafts) <= 1.0.9 - Authenticated (Contributor+) Server-Side Request ForgeryEPSS 0.2%CVE-2026-40516HIGHOpenHarness SSRF via web_fetch and web_searchEPSS 0.2%