Weaknesses of type CWE-918

2,157 results
CVE-2018-25031 | MEDIUM | Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an att | EPSS 42.3%
CVE-2024-27564 | MEDIUM | pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived | EPSS 40.6%
CVE-2022-45362 | HIGH | WordPress Paytm Payment Gateway Plugin <= 2.7.0 is vulnerable to Server Side Request Forgery (SSRF) | EPSS 38.9%
CVE-2024-1884 | MEDIUM | Server Side Request Forgery in PaperCut NG/MF | EPSS 37.9%
CVE-2026-44578 | HIGH | Next.js: Server-side request forgery in applications using WebSocket upgrades | EPSS 37.8%
CVE-2024-27098 | MEDIUM | Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation in GLPI | EPSS 37.5%
CVE-2024-4325 | HIGH | Server-Side Request Forgery (SSRF) in gradio-app/gradio | EPSS 37.4%
CVE-2024-6587 | HIGH | SSRF in berriai/litellm | EPSS 36.9%
CVE-2023-27159 | HIGH | Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerabili | EPSS 36.2%
CVE-2022-45835 | MEDIUM | WordPress PhonePe Payment Solutions Plugin <= 1.0.15 is vulnerable to Server Side Request Forgery (SSRF) | EPSS 36.1%
CVE-2023-43654 | CRITICAL | TorchServe Server-Side Request Forgery | EPSS 35.3%
CVE-2023-48023 | CRITICAL | Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in | EPSS 35.1%
CVE-2024-1021 | MEDIUM | Rebuild HTTP Request readRawText server-side request forgery | EPSS 35.0%
CVE-2021-39935 | MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before | EPSS 30.5% | KEV
CVE-2024-6922 | MEDIUM | Server-Side Request Forgery in Automation 360 | EPSS 30.2%
CVE-2021-21287 | HIGH | Server-Side Request Forgery in MinIO Browser API | EPSS 24.8%
CVE-2024-7959 | HIGH | SSRF in open-webui/open-webui | EPSS 24.5%
CVE-2025-21385 | HIGH | Microsoft Purview Information Disclosure Vulnerability | EPSS 24.4%
CVE-2022-25026 | HIGH | A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on th | EPSS 24.2%
CVE-2024-32965 | HIGH | ssrf vulnerability in lobe-chat | EPSS 23.7%