Weaknesses of type CWE-918

2,203 results
CVE-2023-42812MEDIUMGalaxy vulnerable to Server Side Request Forgery during data importsEPSS 0.3%CVE-2024-12121MEDIUMBroken Link Checker | Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request ForgeryEPSS 0.3%CVE-2026-0807HIGHFrontis Blocks <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' ParameterEPSS 0.3%CVE-2024-13879MEDIUMStream <= 4.0.2 - Authenticated (Admin+) Server-Side Request ForgeryEPSS 0.3%CVE-2021-47715MEDIUMHasura GraphQL 1.3.3 Server-Side Request Forgery via Remote Schema InjectionEPSS 0.3%CVE-2026-5618MEDIUMkalcaddle kodbox shareMake/shareCheck server-side request forgeryEPSS 0.3%CVE-2025-66405MEDIUMPortkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom HostEPSS 0.3%CVE-2024-50337MEDIUMChamilo: Potential unauthenticated blind SSRF via openid functionEPSS 0.3%CVE-2026-34740MEDIUMAVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() ValidationEPSS 0.3%CVE-2025-2835MEDIUMzhangyd-c OneBlog RestApiController.java autoLink server-side request forgeryEPSS 0.3%CVE-2025-20288MEDIUMCisco Unified Intelligence Center Server-Side Request Forgery VulnerabilityEPSS 0.3%CVE-2025-8678MEDIUMWP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request ForgeryEPSS 0.3%CVE-2019-25290MEDIUMINIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImageEPSS 0.3%CVE-2023-34370HIGHServer Side Request Forgery (SSRF) vulnerability in Starter Templates pluginsEPSS 0.3%CVE-2024-4404HIGHElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request ForgeryEPSS 0.3%CVE-2026-14336HIGHPIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith(' https://ci.eclipse.org ') in is_issuer_kEPSS 0.3%CVE-2026-59101MEDIUMAutoBangumi < 3.2.8 - SSRF via /api/v1/setup/test-downloaderEPSS 0.3%CVE-2026-4623MEDIUMDefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgeryEPSS 0.3%CVE-2025-59837HIGHastro allows bypass of image proxy domain validation leading to SSRF and potential XSSEPSS 0.3%CVE-2026-7094MEDIUMShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgeryEPSS 0.3%