Weaknesses of type CWE-918
2,182 resultsCVE-2026-25492MEDIUMCraft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying hostEPSS 0.4%CVE-2025-46568HIGHStirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read VulnerabilityEPSS 0.4%CVE-2024-5328HIGHSSRF Vulnerability in lunary-ai/lunaryEPSS 0.4%CVE-2023-43798MEDIUMBigBlueButton Blind SSRF When Uploading Presentation (mitigation bypass)EPSS 0.4%CVE-2024-27563MEDIUMA Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make aEPSS 0.4%CVE-2026-34162CRITICALFastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key TheftEPSS 0.4%CVE-2025-28091CRITICALmaccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.EPSS 0.4%CVE-2025-11648MEDIUMTomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgeryEPSS 0.4%CVE-2025-28089CRITICALmaccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.EPSS 0.4%CVE-2025-31116MEDIUMMobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS RebindingEPSS 0.4%CVE-2023-45195MEDIUMAdminer and AdminerEvo SSRFEPSS 0.4%CVE-2025-8772MEDIUMVinades NukeViet Module index.php server-side request forgeryEPSS 0.4%CVE-2024-27898MEDIUMServer-Side Request Forgery in SAP NetWeaverEPSS 0.4%CVE-2025-31490HIGHAutoGPT allows SSRF due to DNS Rebinding in requests wrapperEPSS 0.4%CVE-2025-22474MEDIUMDell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerabiEPSS 0.4%CVE-2023-42477MEDIUMServer-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application)EPSS 0.4%CVE-2025-31117MEDIUMOpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) VulnerabilityEPSS 0.4%CVE-2025-11864MEDIUMNucleoidAI Nucleoid Outbound Request cluster.ts extension.apply server-side request forgeryEPSS 0.4%CVE-2024-9624HIGHWP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File ImportEPSS 0.4%CVE-2024-26476LOWAn issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereqEPSS 0.4%