Weaknesses of type CWE-918
2,196 results

CVE-2025-48383 | HIGH | Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking | EPSS 0.3%
CVE-2026-56348 | MEDIUM | n8n - Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint | EPSS 0.3%
CVE-2026-7084 | MEDIUM | HBAI-Ltd Toonflow-app getCodeByLink Endpoint getCodeByLink.ts fetch server-side request forgery | EPSS 0.3%
CVE-2026-34367 | HIGH | InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field | EPSS 0.3%
CVE-2025-9805 | MEDIUM | SimStudioAI sim route.ts server-side request forgery | EPSS 0.3%
CVE-2025-5260 | HIGH | SSRF in PozitifIK's Pik Online | EPSS 0.3%
CVE-2024-2090 | MEDIUM | Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Server-Side Request Forgery | EPSS 0.3%
CVE-2026-41481 | MEDIUM | LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass | EPSS 0.3%
CVE-2025-68696 | HIGH | httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage | EPSS 0.3%
CVE-2026-41130 | MEDIUM | Craft CMS has a host header injection leading to SSRF via resource-js endpoint | EPSS 0.3%
CVE-2023-7073 | MEDIUM | Auto Featured Image (Auto Post Thumbnail) <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery | EPSS 0.3%
CVE-2026-33537 | MEDIUM | Lychee has SSRF bypass via incomplete IP validation in Photo::fromUrl — loopback and link-local IPs not blocked | EPSS 0.3%
CVE-2026-2290 | LOW | Post Affiliate Pro <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field | EPSS 0.3%
CVE-2026-5205 | MEDIUM | chatwoot Webhook API trigger.rb Trigger server-side request forgery | EPSS 0.3%
CVE-2025-62155 | HIGH | QuantumNous New API Has SSRF Bypass | EPSS 0.3%
CVE-2026-3881 | MEDIUM | Performance Monitor <= 1.0.6 - Unauthenticated Blind SSRF | EPSS 0.3%
CVE-2026-45715 | HIGH | Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration | EPSS 0.3%
CVE-2026-21885 | MEDIUM | Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources | EPSS 0.3%
CVE-2026-34881 | MEDIUM | OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, | EPSS 0.3%
CVE-2026-32301 | CRITICAL | Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL | EPSS 0.3%