Weaknesses of type CWE-918
2,203 resultsCVE-2026-0600MEDIUMNexus Repository 3 - Server-Side Request Forgery in Proxy Repository ConfigurationEPSS 0.3%CVE-2026-6606MEDIUMmodelscope agentscope _agent_base.py _process_audio_block server-side request forgeryEPSS 0.3%CVE-2026-30242HIGHPlane: SSRF via Incomplete IP Validation in Webhook URL SerializerEPSS 0.3%CVE-2026-1561MEDIUMIBM WebSphere Application Server Liberty Server-Side Request ForgeryEPSS 0.3%CVE-2024-57252MEDIUMOtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily.EPSS 0.3%CVE-2026-1857MEDIUMGutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' ParameterEPSS 0.3%CVE-2025-8341MEDIUMSSRF in Infinity Datasource PluginEPSS 0.3%CVE-2026-33401HIGHWallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.phpEPSS 0.3%CVE-2026-34163HIGHServer-Side Request Forgery via MCP Tools Endpoint in FastGPTEPSS 0.3%CVE-2025-9821LOWSSRF via webhook functionEPSS 0.3%CVE-2025-45475MEDIUMmaccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management.EPSS 0.3%CVE-2026-25991HIGHTandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe ImportEPSS 0.3%CVE-2023-48786MEDIUMA server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an aEPSS 0.3%CVE-2026-25528MEDIUMLangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header InjectionEPSS 0.3%CVE-2026-33682MEDIUMStreamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)EPSS 0.3%CVE-2026-26286HIGHSillyTavern has Server-Side Request Forgery (SSRF) via Asset Download Endpoint that Allows Reading Internal ServicesEPSS 0.3%CVE-2026-33399HIGHWallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840EPSS 0.3%CVE-2026-31955MEDIUMXibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet FunctionalityEPSS 0.3%CVE-2025-10471MEDIUMZKEACMS MediaController.cs Proxy server-side request forgeryEPSS 0.3%CVE-2026-53927MEDIUMNocoDB: Server-Side Request Forgery via Spreadsheet Fetch URLEPSS 0.3%