Weaknesses of type CWE-918

2,198 results
CVE-2026-34504MEDIUMOpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal ProviderEPSS 0.2%CVE-2026-41688HIGHIncomplete fix for CVE-2026-33399: SSRF in WallosEPSS 0.2%CVE-2026-5803MEDIUMbigsk1 openai-realtime-ui API Proxy Endpoint server.js server-side request forgeryEPSS 0.2%CVE-2026-33458MEDIUMServer-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information DisclosureEPSS 0.2%CVE-2026-11346MEDIUMServer-Side Request Forgery (SSRF) allowing Internal Network Probing in linqiEPSS 0.2%CVE-2026-42965HIGHOpenshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypasses destination validationEPSS 0.2%CVE-2025-6242HIGHVllm: server side request forgery (ssrf) in mediaconnectorEPSS 0.2%CVE-2026-2531MEDIUMMindsDB File Upload security.py clear_filename server-side request forgeryEPSS 0.2%CVE-2026-53607LOW@apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host headerEPSS 0.2%CVE-2026-45310HIGHCodeWhale: SSRF via HTTP Redirect Bypass in fetch_url ToolEPSS 0.2%CVE-2026-48148MEDIUMBudibase: Unvalidated VectorDB Host Parameter Enables SSRFEPSS 0.2%CVE-2026-11424HIGHServer-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information DisclosureEPSS 0.2%CVE-2025-12073MEDIUMServer-Side Request Forgery (SSRF) in GitLabEPSS 0.2%CVE-2026-43929HIGHssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed InputsEPSS 0.2%CVE-2026-27945LOWZITADEL has potential SSRF via ActionsEPSS 0.2%CVE-2026-34590MEDIUMPostiz: SSRF via Webhook Creation Endpoint Missing URL Safety ValidationEPSS 0.2%CVE-2024-49312MEDIUMWordPress Edwiser Bridge plugin <= 3.0.7 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2026-0632MEDIUMFluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'EPSS 0.2%CVE-2026-3681MEDIUMwelovemedia FFmate webhook.go fireWebhook server-side request forgeryEPSS 0.2%CVE-2026-57303HIGHJenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers aEPSS 0.2%