Weaknesses of type CWE-918
2,203 resultsCVE-2024-9408HIGHIn Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.EPSS 0.3%CVE-2026-12095HIGHKargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' ParameterEPSS 0.3%CVE-2026-35037HIGHEch0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadataEPSS 0.3%CVE-2026-33081MEDIUMPinchTab has Blind SSRF via browser-side redirect bypass in /download URL validationEPSS 0.3%CVE-2023-35896MEDIUMIBM Content Navigator server-side request forgeryEPSS 0.3%CVE-2026-33060MEDIUMCKAN MCP Server: SSRF via base_url allows access to internal networksEPSS 0.3%CVE-2026-53755HIGHCrawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF checkEPSS 0.3%CVE-2024-56279MEDIUMWordPress Compact WP Audio Player plugin <= 1.9.14 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2026-2393HIGHServer-Side Request Forgery (SSRF) in mlflow/mlflowEPSS 0.3%CVE-2025-52453HIGHServer-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource LEPSS 0.3%CVE-2025-65836CRITICALPublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.EPSS 0.3%CVE-2025-52454HIGHServer-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows ResourcEPSS 0.3%CVE-2026-5832MEDIUMatototo api-lab-mcp HTTP http-server.ts test_http_endpoint server-side request forgeryEPSS 0.3%CVE-2026-27567MEDIUMPayload has Server-Side Request Forgery (SSRF) in External File URL UploadsEPSS 0.3%CVE-2026-5530MEDIUMOllama Model Pull API download.go server-side request forgeryEPSS 0.3%CVE-2026-53930MEDIUMNocoDB: Server-Side Request Forgery via Base Migration URLEPSS 0.3%CVE-2025-58175MEDIUMGeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity ResolutionEPSS 0.3%CVE-2026-50887CRITICALA Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internaEPSS 0.3%CVE-2026-54018HIGHOpen WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP RedirectsEPSS 0.3%CVE-2025-11286MEDIUMsamanhappy MCPHub MCPRouter Service serverController.ts server-side request forgeryEPSS 0.3%