Weaknesses of type CWE-918
2,194 resultsCVE-2025-9862MEDIUMGhost 6.0.6 - SSRF via oEmbed BookmarkEPSS 0.5%CVE-2024-0308MEDIUMInis Proxy.php server-side request forgeryEPSS 0.5%CVE-2026-47357CRITICALTerrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan eEPSS 0.5%CVE-2023-28633LOWGLPI vulnerable to Blind Server-Side Request Forgery (SSRF) in RSS feedsEPSS 0.5%CVE-2022-48477MEDIUMIn JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
EPSS 0.5%CVE-2024-0601MEDIUMZhongFuCheng3y Austin Email Message Template AustinFileUtils.java getRemoteUrl2File server-side request forgeryEPSS 0.5%CVE-2026-26801HIGHServer-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitiveEPSS 0.5%CVE-2022-30579HIGHTIBCO Spotfire Server Blind SSRF vulnerabilityEPSS 0.5%CVE-2024-5917LOWPAN-OS: Server-Side Request Forgery in WildFireEPSS 0.5%CVE-2023-24060MEDIUMHaven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to creaEPSS 0.5%CVE-2025-1211MEDIUMVersions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI buEPSS 0.5%CVE-2026-47358CRITICALTerrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when EPSS 0.5%CVE-2025-0480MEDIUMwuzhicms config.php test server-side request forgeryEPSS 0.5%CVE-2024-5014HIGHWhatsUp Gold GetASPReport Server-Side Request Forgery Information DisclosureEPSS 0.5%CVE-2024-12867HIGHServer-Side Request Forgery in Arctic Hub URL Mapper allows an unauthenticated remote attacker to exfiltrate and modify configurations and dataEPSS 0.5%CVE-2024-7330MEDIUMYouDianCMS ydLib.php curl_exec server-side request forgeryEPSS 0.5%CVE-2024-37359HIGHHitachi Vantara Pentaho Business Analytics Server – Server Side Request ForgeryEPSS 0.5%CVE-2026-8328MEDIUMFTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host addressEPSS 0.5%CVE-2024-23330MEDIUMTuta loads images from external resourcesEPSS 0.5%CVE-2026-34577HIGHPostiz: Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension CheckEPSS 0.5%