Weaknesses of type CWE-918
2,203 resultsCVE-2025-11286MEDIUMsamanhappy MCPHub MCPRouter Service serverController.ts server-side request forgeryEPSS 0.3%CVE-2025-52186MEDIUMLichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2026-3216MEDIUMDrupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017EPSS 0.3%CVE-2026-50887CRITICALA Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internaEPSS 0.3%CVE-2025-50251CRITICALServer side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.EPSS 0.3%CVE-2025-45939MEDIUMApwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery (SSRF) via the test webhook function.EPSS 0.3%CVE-2026-44502MEDIUMBugsink: SSRF bypass in `validate_webhook_url`EPSS 0.3%CVE-2024-37260HIGHWordPress Foxiz Theme theme <= 2.3.5 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2026-45331HIGHOpen WebUI: Full SSRF Vulnerability in the RAG Web Search FeatureEPSS 0.3%CVE-2026-46497LOWSSRF via sitemap-derived URLs in Crawlee for PythonEPSS 0.3%CVE-2026-48916MEDIUMJenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.EPSS 0.3%CVE-2026-24005NONEOpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host FieldEPSS 0.3%CVE-2025-55971MEDIUMTCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticEPSS 0.3%CVE-2025-10735MEDIUMBlock For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request ForgeryEPSS 0.3%CVE-2026-44313CRITICALLinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAndHeaders FunctionEPSS 0.3%CVE-2026-44430MEDIUMMCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlistEPSS 0.3%CVE-2026-0600MEDIUMNexus Repository 3 - Server-Side Request Forgery in Proxy Repository ConfigurationEPSS 0.3%CVE-2025-14610HIGHTableMaster for Elementor <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' ParameterEPSS 0.3%CVE-2026-6606MEDIUMmodelscope agentscope _agent_base.py _process_audio_block server-side request forgeryEPSS 0.3%CVE-2026-6604MEDIUMmodelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgeryEPSS 0.3%