CWE-918 vulnerabilities

2184 results
CVE-2024-48052 | MEDIUM | In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within | EPSS 0.5%
CVE-2025-51058 | MEDIUM | Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, whic | EPSS 0.5%
CVE-2026-40280 | HIGH | Gotenberg SSRF via case-insensitive URL scheme bypass in webhook and downloadFrom deny-lists | EPSS 0.5%
CVE-2026-31317 | HIGH | Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the ven | EPSS 0.5%
CVE-2024-47167 | MEDIUM | SSRF in the path parameter of /queue/join in Gradio | EPSS 0.5%
CVE-2026-33752 | HIGH | Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass) | EPSS 0.5%
CVE-2025-50125 | MEDIUM | A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server | EPSS 0.5%
CVE-2025-52362 | CRITICAL | Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input va | EPSS 0.5%
CVE-2025-3691 | MEDIUM | mirweiye Seven Bears Library CMS Add Link server-side request forgery | EPSS 0.5%
CVE-2025-36560 | CRITICAL | Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticat | EPSS 0.5%
CVE-2022-43698 | MEDIUM | OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. | EPSS 0.5%
CVE-2023-46236 | HIGH | FOG SSRF via unauthenticated endpoint(s) | EPSS 0.5%
CVE-2023-39313 | HIGH | WordPress Avada theme <= 7.11.1 - Authenticated Server Side Request Forgery (SSRF) vulnerability | EPSS 0.5%
CVE-2025-9868 | HIGH | Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin | EPSS 0.5%
CVE-2022-43699 | MEDIUM | OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an advers | EPSS 0.5%
CVE-2025-13814 | MEDIUM | moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery | EPSS 0.5%
CVE-2024-48234 | MEDIUM | An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is n | EPSS 0.5%
CVE-2023-3121 | LOW | Dahua Smart Parking Management image server-side request forgery | EPSS 0.5%
CVE-2024-55082 | HIGH | A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensi | EPSS 0.5%
CVE-2023-40148 | MEDIUM | PingFederate Server Side Request Forgery vulnerability | EPSS 0.5%