Weaknesses of type CWE-918

2,182 results
CVE | Severity | Description | EPSS
CVE-2024-28668 | MEDIUM | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php | EPSS 0.4%
CVE-2026-33486 | MEDIUM | Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents | EPSS 0.4%
CVE-2026-44598 | MEDIUM | Apache Shiro Jakarta EE module: Open redirect and SSRF (requires valid credentials) | EPSS 0.4%
CVE-2024-5021 | CRITICAL | WordPress Picture / Portfolio / Media Gallery <= 3.0.1 - Unauthenticated Server-Side Request Forgery | EPSS 0.4%
CVE-2026-40999 | HIGH | Spring WS SSRF via unvalidated WS-Addressing reply destinations | EPSS 0.4%
CVE-2026-49139 | HIGH | Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning | EPSS 0.4%
CVE-2025-2192 | MEDIUM | Stoque Zeev.it Login Page server-side request forgery | EPSS 0.4%
CVE-2025-65513 | HIGH | fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP v | EPSS 0.4%
CVE-2025-57055 | MEDIUM | WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. An authenticated admini | EPSS 0.4%
CVE-2023-46746 | MEDIUM | Authenticated PostHog users vulnerable to SSRF | EPSS 0.4%
CVE-2025-50180 | HIGH | esm.sh is vulnerable to full-response SSRF | EPSS 0.4%
CVE-2023-41239 | MEDIUM | WordPress PowerPress Podcasting Plugin <= 11.0.6 is vulnerable to Server Side Request Forgery (SSRF) | EPSS 0.4%
CVE-2024-32812 | MEDIUM | WordPress Podlove Podcast Publisher plugin <= 4.0.11 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.4%
CVE-2026-1884 | MEDIUM | ZenTao Webhook model.php fetchHook server-side request forgery | EPSS 0.4%
CVE-2026-45338 | HIGH | Open WebUI: SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py) | EPSS 0.4%
CVE-2024-41664 | MEDIUM | Blind SSRF via Canarytoken Webhook | EPSS 0.4%
CVE-2026-24138 | HIGH | FOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php` | EPSS 0.4%
CVE-2023-3025 | HIGH | Dropbox Folder Share <= 1.9.7 - Unauthenticated Server-Side Request Forgery via 'link' | EPSS 0.4%
CVE-2026-6229 | HIGH | Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter | EPSS 0.4%
CVE-2025-67685 | LOW | A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 al | EPSS 0.4%