Weaknesses of type CWE-918

2,182 results
CVE-2026-25511HIGHGroup-Office is vulnerable to SSRF and File Read in WOPI service discoveryEPSS 0.4%CVE-2026-43995MEDIUMFlowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)EPSS 0.4%CVE-2026-42313HIGHpyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxyEPSS 0.4%CVE-2024-55086HIGHIn the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the baEPSS 0.4%CVE-2021-38132MEDIUMPossible External service interaction VulnerabilityEPSS 0.4%CVE-2025-10329MEDIUMcdevroe unmark Marks.php server-side request forgeryEPSS 0.4%CVE-2026-23845MEDIUMMailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check APIEPSS 0.4%CVE-2026-35587HIGHGlances IP Plugin has SSRF via public_api that leads to credential leakageEPSS 0.4%CVE-2024-33857CRITICALAn issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-levEPSS 0.4%CVE-2022-1751HIGHSkitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request ForgeryEPSS 0.4%CVE-2025-4967CRITICALServer Side Request Forgery (SSRF) vulnerability in Portal for ArcGISEPSS 0.4%CVE-2026-33679MEDIUMVikunja has SSRF via OpenID Connect Avatar Download that Bypasses Webhook SSRF ProtectionsEPSS 0.4%CVE-2025-27777HIGHApplio allows SSRF and file write in model_download.pyEPSS 0.4%CVE-2025-60279CRITICALA server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary rEPSS 0.4%CVE-2025-46341HIGHPrivilege escalation via SSRF when using HTTP authEPSS 0.4%CVE-2026-26324HIGHOpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)EPSS 0.4%CVE-2025-25194MEDIUMServer-Side Request Forgery (SSRF) in activitypub_federationEPSS 0.4%CVE-2024-13450LOWContact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request ForgeryEPSS 0.4%CVE-2025-14516MEDIUMYalantis uCrop URL com.yalantis.ucrop.task.BitmapLoadTask.java downloadFile server-side request forgeryEPSS 0.4%CVE-2026-30247MEDIUMWeKnora: SSRF via RedirectionEPSS 0.4%