Weaknesses of type CWE-918
2,182 resultsCVE-2025-28090CRITICALmaccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.EPSS 0.4%CVE-2026-34954HIGHPraisonAI: SSRF in FileTools.download_file() via Unvalidated URLEPSS 0.4%CVE-2024-6522HIGHModern Events Calendar <= 7.12.1 - Authenticated (Subscriber+) Server Side Request ForgeryEPSS 0.4%CVE-2026-2377MEDIUMMirror-registry: quay: quay: server-side request forgery via log export functionalityEPSS 0.4%CVE-2026-41887MEDIUMFlarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)EPSS 0.4%CVE-2023-30444HIGHIBM Watson Machine Learning on Cloud Pak for Data server-side request forgeryEPSS 0.4%CVE-2025-11427MEDIUMWP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side Request ForgeryEPSS 0.4%CVE-2024-3047HIGHPDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - Unauthenticated Server-Side Request ForgeryEPSS 0.4%CVE-2024-5526HIGHGrafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and inteEPSS 0.4%CVE-2026-47267HIGHGogs: SSRF in webhook deliveriesEPSS 0.4%CVE-2024-46468HIGHA Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitiveEPSS 0.4%CVE-2026-8328MEDIUMFTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host addressEPSS 0.4%CVE-2022-41949MEDIUMSemi-blind Server-Side Request Forgery in dhis2-coreEPSS 0.4%CVE-2026-35486HIGHtext-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validationEPSS 0.4%CVE-2025-5510MEDIUMquequnlong shiyi-blog optimize server-side request forgeryEPSS 0.4%CVE-2025-59088HIGHPython-kdcproxy: unauthenticated ssrf via realm‑controlled dns srvEPSS 0.4%CVE-2026-33992CRITICALpyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata ExfiltrationEPSS 0.4%CVE-2025-62427HIGHServer-Side Request Forgery (SSRF) in Angular SSREPSS 0.4%CVE-2026-28467MEDIUMOpenClaw < 2026.2.2 - SSRF via Attachment Media URL HydrationEPSS 0.4%CVE-2024-13924MEDIUMStarter Templates by FancyWP <= 2.0.0 - Unauthenticated Blind Server-Side Request ForgeryEPSS 0.4%