Vulnerabilities of type CWE-918
2171 results

CVE-2026-49869 | CRITICAL | Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter` | EPSS 0.7%
CVE-2024-3095 | MEDIUM | SSRF in Langchain Web Research Retriever in langchain-ai/langchain | EPSS 0.7%
CVE-2022-37313 | MEDIUM | OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record. | EPSS 0.7%
CVE-2022-28217 | — | Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which al | EPSS 0.7%
CVE-2023-25557 | HIGH | Server-Side Request Forgery in DataHub | EPSS 0.7%
CVE-2023-24623 | HIGH | Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private address | EPSS 0.7%
CVE-2024-25738 | CRITICAL | A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before | EPSS 0.7%
CVE-2024-8955 | MEDIUM | SSRF in composiohq/composio | EPSS 0.7%
CVE-2022-32457 | MEDIUM | Data Systems Consulting Co., Ltd. BPM - Blind Server-Side Request Forgery (SSRF) | EPSS 0.7%
CVE-2023-46124 | HIGH | Server-Side Request Forgery Vulnerability in Custom Integration Upload | EPSS 0.7%
CVE-2024-8952 | MEDIUM | SSRF in composiohq/composio | EPSS 0.7%
CVE-2024-33250 | HIGH | An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to exe | EPSS 0.7%
CVE-2024-11168 | MEDIUM | Improper validation of IPv6 and IPvFuture addresses | EPSS 0.7%
CVE-2022-4725 | MEDIUM | AWS SDK XML Parser XpathUtils.java XpathUtils server-side request forgery | EPSS 0.7%
CVE-2024-31461 | CRITICAL | Plane Server-Side Request Forgery (SSRF) Vulnerability | EPSS 0.7%
CVE-2024-22873 | HIGH | Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/ | EPSS 0.7%
CVE-2022-27622 | MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allo | EPSS 0.7%
CVE-2024-9710 | HIGH | PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability | EPSS 0.7%
CVE-2017-20157 | MEDIUM | Ariadne Component Library Url.php server-side request forgery | EPSS 0.7%
CVE-2024-27565 | CRITICAL | A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to ma | EPSS 0.7%