Weaknesses of type CWE-918
2,197 resultsCVE-2023-38515MEDIUMWordPress Church Admin Plugin <= 3.7.56 is vulnerable to Server Side Request Forgery (SSRF)EPSS 0.4%CVE-2026-27129MEDIUMCloud Metadata SSRF Protection Bypass via IPv6 ResolutionEPSS 0.4%CVE-2025-54924HIGHCWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker senEPSS 0.4%CVE-2026-33182MEDIUMSaloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URLEPSS 0.4%CVE-2026-24736CRITICALSquidex has Server-Side Request Forgery (SSRF) Issue in Webhook ConfigurationEPSS 0.4%CVE-2026-3788MEDIUMBytedesk SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels server-side request forgeryEPSS 0.4%CVE-2024-51242MEDIUMA Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipuEPSS 0.4%CVE-2026-6011MEDIUMOpenClaw assertPublicHostname web-fetch.ts server-side request forgeryEPSS 0.4%CVE-2026-25492MEDIUMCraft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying hostEPSS 0.4%CVE-2026-0532HIGHExternal Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini ConnectorEPSS 0.4%CVE-2024-5328HIGHSSRF Vulnerability in lunary-ai/lunaryEPSS 0.4%CVE-2025-46568HIGHStirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read VulnerabilityEPSS 0.4%CVE-2024-27563MEDIUMA Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make aEPSS 0.4%CVE-2023-43798MEDIUMBigBlueButton Blind SSRF When Uploading Presentation (mitigation bypass)EPSS 0.4%CVE-2025-28089CRITICALmaccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.EPSS 0.4%CVE-2025-11648MEDIUMTomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgeryEPSS 0.4%CVE-2026-34162CRITICALFastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key TheftEPSS 0.4%CVE-2025-28091CRITICALmaccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.EPSS 0.4%CVE-2024-27898MEDIUMServer-Side Request Forgery in SAP NetWeaverEPSS 0.4%CVE-2025-8772MEDIUMVinades NukeViet Module index.php server-side request forgeryEPSS 0.4%