Weaknesses of type CWE-918
2,203 resultsCVE-2026-7065MEDIUMBidingCC BuildingAI Remote Upload API file-storage.service.ts uploadRemoteFile server-side request forgeryEPSS 0.3%CVE-2025-62505LOWSSRF in lobehub/lobe-chat with native web fetch moduleEPSS 0.3%CVE-2025-64180CRITICALManager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)EPSS 0.3%CVE-2026-20958MEDIUMMicrosoft SharePoint Information Disclosure VulnerabilityEPSS 0.3%CVE-2025-22701MEDIUMWordPress Traveler Layout Essential For Elementor plugin < 1.4 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2026-1294HIGHAll In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy EndpointEPSS 0.3%CVE-2024-32454MEDIUMWordPress Wappointment plugin <= 2.6.0 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2026-32236LOW@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetchEPSS 0.3%CVE-2026-45400HIGHOpen WebUI: Server-Side Request Forgery (SSRF) bypass in `validate_url`EPSS 0.3%CVE-2026-10517MEDIUMClair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissanceEPSS 0.3%CVE-2026-13150MEDIUMSSRF in Pentestify PDF generation endpoint via Host headerEPSS 0.3%CVE-2024-13411MEDIUMZapier for WordPress <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user FunctionEPSS 0.3%CVE-2025-13809MEDIUMorionsec orion-ops SSH Connection MachineInfoController.java server-side request forgeryEPSS 0.3%CVE-2026-40566MEDIUMFreeScout vulnerable to SSRF via IMAP/SMTP Connection Test EndpointsEPSS 0.3%CVE-2025-49190MEDIUMServer-Side Request ForgeryEPSS 0.3%CVE-2026-50127MEDIUMWeblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)EPSS 0.3%CVE-2025-68150HIGHParse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth AdapterEPSS 0.3%CVE-2026-44116MEDIUMOpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL ValidationEPSS 0.3%CVE-2025-10453MEDIUMPilotGaea Technologies|O'View MapServer - Server-Side Request ForgeryEPSS 0.3%CVE-2024-33634MEDIUMWordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%