Weaknesses of type CWE-918

2,203 results
CVE-2026-42860HIGHOpen edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpointEPSS 0.3%CVE-2026-45082HIGHKarakeep has a SSRF Protection Bypass via Redirect HandlingEPSS 0.3%CVE-2026-42398HIGHServer-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network AccessEPSS 0.3%CVE-2026-6625MEDIUMmoxi624 Mogu Blog v2 Picture Storage Service LocalFileServiceImpl.java LocalFileServiceImpl.uploadPictureByUrl server-side request forgeryEPSS 0.3%CVE-2025-52196HIGHServer-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arEPSS 0.3%CVE-2026-41060HIGHAVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURLEPSS 0.3%CVE-2026-5016MEDIUMelecV2 elecV2P URL mock eAxios server-side request forgeryEPSS 0.3%CVE-2025-68662HIGHFinalDestination hostname matching allows SSRF protection bypassEPSS 0.3%CVE-2026-45401HIGHOpen WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load EndpointsEPSS 0.3%CVE-2026-4528MEDIUMtrueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgeryEPSS 0.3%CVE-2025-59344HIGHAliasVault Vulnerable to Server-Side Request Forgery via Favicon ExtractionEPSS 0.3%CVE-2025-30678MEDIUMA Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manEPSS 0.3%CVE-2025-52491MEDIUMAkamai CloudTest before 60 2025.06.09 (12989) allows SSRF.EPSS 0.3%CVE-2025-30679MEDIUMA Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manEPSS 0.3%CVE-2026-4302HIGHWowOptin: Next-Gen Popup Maker <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST APIEPSS 0.3%CVE-2026-25870MEDIUMDoraCMS <= 3.1 UEditor Remote Image Fetch SSRFEPSS 0.3%CVE-2026-7221MEDIUMTencentCloudBase CloudBase-MCP open-url API Endpoint interactive-server.ts openUrl server-side request forgeryEPSS 0.3%CVE-2026-3052MEDIUMDataLinkDC dinky Flink Proxy Controller FlinkProxyController.java proxyUba server-side request forgeryEPSS 0.3%CVE-2023-29260MEDIUMIBM Sterling Connect:Express for UNIX server-side request forgeryEPSS 0.3%CVE-2026-28677HIGHOpenSift: Insufficient URL destination restrictions in ingest flow could enable SSRF-style internal accessEPSS 0.3%