Weaknesses of type CWE-918
2,181 resultsCVE-2026-5131MEDIUMServer-Side Request Forgery in GREENmodEPSS 0.4%CVE-2025-15104MEDIUMNu Html Checker (validator.nu) - Restriction bypass vulnerability allowing local SSRFEPSS 0.4%CVE-2024-57767HIGHMSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.EPSS 0.4%CVE-2026-30834HIGHPinchTab: SSRF with Full Response Exfiltration via Download HandlerEPSS 0.4%CVE-2025-59055MEDIUMInstantCMS vulnerable to Server-Side Request Forgery via package installerEPSS 0.4%CVE-2025-6517MEDIUMDromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgeryEPSS 0.4%CVE-2023-49795MEDIUMMindsDB Server-Side Request Forgery vulnerabilityEPSS 0.4%CVE-2026-3789MEDIUMBytedesk SpringAIGiteeRestController SpringAIGiteeRestService.java getModels server-side request forgeryEPSS 0.4%CVE-2024-2206HIGHSSRF Vulnerability in gradio-app/gradioEPSS 0.4%CVE-2026-27129MEDIUMCloud Metadata SSRF Protection Bypass via IPv6 ResolutionEPSS 0.4%CVE-2025-54924HIGHCWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker senEPSS 0.4%CVE-2023-38515MEDIUMWordPress Church Admin Plugin <= 3.7.56 is vulnerable to Server Side Request Forgery (SSRF)EPSS 0.4%CVE-2023-40033HIGHServer-Side Request Forgery via Avatar upload in flarumEPSS 0.4%CVE-2025-63551HIGHA Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content ManEPSS 0.4%CVE-2025-54925HIGHCWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker conEPSS 0.4%CVE-2024-51242MEDIUMA Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipuEPSS 0.4%CVE-2026-6011MEDIUMOpenClaw assertPublicHostname web-fetch.ts server-side request forgeryEPSS 0.4%CVE-2026-33182MEDIUMSaloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URLEPSS 0.4%CVE-2026-3788MEDIUMBytedesk SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels server-side request forgeryEPSS 0.4%CVE-2026-24736CRITICALSquidex has Server-Side Request Forgery (SSRF) Issue in Webhook ConfigurationEPSS 0.4%