Weaknesses of type CWE-918

2,204 results
CVE-2026-13318MEDIUMVirt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ipEPSS 0.2%CVE-2025-1142MEDIUMIBM Edge Application Manager server-side request forgeryEPSS 0.2%CVE-2025-8055MEDIUMSSRF vulnerability have been discovered in OpenText™ XM FaxEPSS 0.2%CVE-2026-24316MEDIUMServer-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAPEPSS 0.2%CVE-2025-58441MEDIUMKnowage is vulnerable to blind server-side request forgery (SSRF)EPSS 0.2%CVE-2026-24964MEDIUMWordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2025-67623MEDIUMWordPress 6Storage Rentals plugin <= 2.22.0 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2026-24548MEDIUMWordPress Radio Player plugin <= 2.0.91 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2025-12376MEDIUMIcon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request ForgeryEPSS 0.2%CVE-2026-44441MEDIUMERPNext: Possible SSRF by any authenticated userEPSS 0.2%CVE-2026-3530MEDIUMOpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025EPSS 0.2%CVE-2026-4989MEDIUMImproper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform seEPSS 0.2%CVE-2025-12800MEDIUMWP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.5 - Authenticated (Administrator+) Server-Side Request ForgeryEPSS 0.2%CVE-2023-20002MEDIUMA vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and condEPSS 0.2%CVE-2025-28963MEDIUMWordPress URL Shortener plugin <= 3.0.7 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2025-52713MEDIUMWordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2025-36085MEDIUMMultiple Vulnerabilities in IBM Concert Software.EPSS 0.2%CVE-2026-50552MEDIUMKoel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bailEPSS 0.2%CVE-2025-58641MEDIUMWordPress Exit Intent Popup Plugin <= 1.0.1 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2026-39670MEDIUMWordPress Visual Link Preview plugin <= 2.3.0 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%