Weaknesses of type CWE-918

2,203 results
CVE-2026-3052MEDIUMDataLinkDC dinky Flink Proxy Controller FlinkProxyController.java proxyUba server-side request forgeryEPSS 0.3%CVE-2024-31897MEDIUMIBM Cloud Pak for Business Automation server-side request forgeryEPSS 0.3%CVE-2025-10391MEDIUMCRMEB OutAccountServices.php testOutUrl server-side request forgeryEPSS 0.3%CVE-2026-2985MEDIUMTiandy Video Surveillance System 视频监控平台 CLSBODownLoad.java downloadImage server-side request forgeryEPSS 0.3%CVE-2026-34746HIGHPayload has Authenticated SSRF via Upload FunctionalityEPSS 0.3%CVE-2026-35572HIGHSSRF via Referer header in ChurchCRM allows server-side HTTP/HTTPS requests to arbitrary hostsEPSS 0.3%CVE-2025-28197CRITICALCrawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.EPSS 0.3%CVE-2026-29097HIGHSuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed DashletEPSS 0.3%CVE-2024-32775MEDIUMWordPress Embed Google Photos album plugin <= 2.1.9 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2026-4874LOWOrg.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulationEPSS 0.3%CVE-2025-64327MEDIUMThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping EndpointEPSS 0.3%CVE-2026-53931MEDIUMNocoDB: Server-Side Request Forgery via Spreadsheet Import EndpointEPSS 0.3%CVE-2025-2170HIGHA Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific condEPSS 0.3%CVE-2025-8527MEDIUMExrick xboot Swagger SecurityController.java server-side request forgeryEPSS 0.3%CVE-2026-10771MEDIUMcrmeb crmeb_java base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity server-side request forgeryEPSS 0.3%CVE-2026-10287MEDIUMSourceCodester SEO Meta Tag Extractor index.php get_headers server-side request forgeryEPSS 0.3%CVE-2025-62505LOWSSRF in lobehub/lobe-chat with native web fetch moduleEPSS 0.3%CVE-2024-33627MEDIUMWordPress AGCA – Custom Dashboard & Login Page plugin <= 7.2.2 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2026-4200MEDIUMglowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl server-side request forgeryEPSS 0.3%CVE-2024-5031HIGHMemberPress <= 1.11.29 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file ShortcodeEPSS 0.3%