Weaknesses of type CWE-918
2,203 resultsCVE-2026-41172HIGHSquidex vulnerable to Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/apps/{app}/assets)EPSS 0.2%CVE-2026-8081MEDIUMrouter-for-me CLIProxyAPI api_tools.go server-side request forgeryEPSS 0.2%CVE-2024-45843LOWWeak SSRF FilteringEPSS 0.2%CVE-2026-41171HIGHSSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClientEPSS 0.2%CVE-2026-7604MEDIUMJeecgBoot OpenApi Service OpenApiController.java OpenApiController.call server-side request forgeryEPSS 0.2%CVE-2026-7729MEDIUMpixelsock directus-mcp MCP index.ts validateUrl server-side request forgeryEPSS 0.2%CVE-2023-31456MEDIUMThere is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitEPSS 0.2%CVE-2025-30997MEDIUMWordPress Car Repair Services theme <= 5.0 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2026-3733MEDIUMxuxueli xxl-job JobInfoController.java server-side request forgeryEPSS 0.2%CVE-2026-7605MEDIUMJeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgeryEPSS 0.2%CVE-2026-10586HIGHGutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request ForgeryEPSS 0.2%CVE-2024-13940MEDIUMNinja Forms Webhooks <= 3.0.7 - Authenticated (Admin+) Server-Side Request Forgery via Form WebhookEPSS 0.2%CVE-2026-31943HIGHLibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIPEPSS 0.2%CVE-2026-35548HIGHAn issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flEPSS 0.2%CVE-2026-35461MEDIUMPapra has a Blind Server-Side Request Forgery (SSRF) via Webhook URLEPSS 0.2%CVE-2026-27706HIGHPlane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" FeatureEPSS 0.2%CVE-2024-49336MEDIUMIBM Security Guardium server-side request forgeryEPSS 0.2%CVE-2026-34526MEDIUMSillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6EPSS 0.2%CVE-2026-42345HIGHFastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dotEPSS 0.2%CVE-2024-13845MEDIUMGravity Forms WebHooks <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via WebhookEPSS 0.2%