Weaknesses of type CWE-918
2,172 resultsCVE-2026-30118CRITICALscalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy enEPSS 0.5%CVE-2023-33176MEDIUMBlind SSRF When Uploading Presentation in BigBlueButtonEPSS 0.5%CVE-2023-51451MEDIUMSSRF in symbolicator via invalid protocolEPSS 0.5%CVE-2024-24829MEDIUMSSRF in Sentry via Phabricator integrationEPSS 0.5%CVE-2025-1848MEDIUMzj1983 zz import_data_check server-side request forgeryEPSS 0.5%CVE-2025-1849MEDIUMzj1983 zz import_data_todb server-side request forgeryEPSS 0.5%CVE-2022-46830MEDIUMIn JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.EPSS 0.5%CVE-2023-41327MEDIUMControlled SSRF through URL in the WireMockEPSS 0.5%CVE-2026-27808MEDIUMMailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check APIEPSS 0.5%CVE-2022-30579HIGHTIBCO Spotfire Server Blind SSRF vulnerabilityEPSS 0.5%CVE-2024-33117MEDIUMcrmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMEPSS 0.5%CVE-2025-67647HIGHSvelteKit Denial of service and possible SSRF when using prerenderingEPSS 0.5%CVE-2026-45504HIGHMicrosoft Exchange Server Elevation of Privilege VulnerabilityEPSS 0.5%CVE-2026-45502MEDIUMMicrosoft Exchange Server Information Disclosure VulnerabilityEPSS 0.5%CVE-2024-48052MEDIUMIn gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within EPSS 0.5%CVE-2026-25580HIGHPydantic AI Affected by Server-Side Request Forgery (SSRF) in URL Download HandlingEPSS 0.5%CVE-2023-41899MEDIUMPartial Server-Side Request Forgery in Home Assistant Core EPSS 0.5%CVE-2025-51058MEDIUMBottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, whicEPSS 0.5%CVE-2026-40280HIGHGotenberg SSRF via case-insensitive URL scheme bypass in webhook and downloadFrom deny-listsEPSS 0.5%CVE-2025-36560CRITICALServer-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticatEPSS 0.5%