Weaknesses of type CWE-918

2,203 results
CVE-2017-20106MEDIUMLithium Forum Compose Message server-side request forgeryEPSS 0.3%CVE-2024-27707MEDIUMServer Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload EPSS 0.3%CVE-2026-5921HIGHServer-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attackEPSS 0.3%CVE-2025-0539MEDIUMIn affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authenticEPSS 0.3%CVE-2026-30832CRITICALSoft Serve: SSRF via unvalidated LFS endpoint in repo importEPSS 0.3%CVE-2025-23082HIGHVeeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unaEPSS 0.3%CVE-2026-32828MEDIUMKargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data ExfiltrationEPSS 0.3%CVE-2026-4964MEDIUMletta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgeryEPSS 0.3%CVE-2026-35036HIGHEch0 Affected by Unauthenticated Server-Side Request Forgery in Website Preview FeatureEPSS 0.3%CVE-2026-27488MEDIUMOpenClaw hardened cron webhook delivery against SSRFEPSS 0.3%CVE-2025-20075HIGHServer-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Executing arbitrary backend WEPSS 0.3%CVE-2025-20388LOWBlind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk EnterpriseEPSS 0.3%CVE-2025-11674MEDIUMPiExtract|SOOP-CLM - Server-Side Request ForgeryEPSS 0.3%CVE-2025-8680MEDIUMB Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request ForgeryEPSS 0.3%CVE-2023-35817MEDIUMDevExpress before 23.1.3 allows AsyncDownloader SSRF.EPSS 0.3%CVE-2026-6605MEDIUMmodelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgeryEPSS 0.3%CVE-2024-33592MEDIUMWordPress Radio Player plugin <= 2.0.73 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2024-9410MEDIUMAda.cx SSRF via Sentry MisconfigurationEPSS 0.3%CVE-2025-22374MEDIUMSSRF in CyberAudit-Web videx-legacy-sslEPSS 0.3%CVE-2023-49746MEDIUMWordPress SpeedyCache Plugin <= 1.1.2 is vulnerable to Server Side Request Forgery (SSRF)EPSS 0.3%