Weaknesses of type CWE-918

2,182 results
CVE-2023-37978 | MEDIUM | WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Server Side Request Forgery (SSRF) | EPSS 0.4%
CVE-2026-1648 | HIGH | Performance Monitor <= 1.0.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter | EPSS 0.4%
CVE-2024-10206 | MEDIUM | Server-Side Request Forgery (unauthenticated) in APROL Web Portal | EPSS 0.4%
CVE-2025-55853 | CRITICAL | SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal o | EPSS 0.4%
CVE-2023-29008 | HIGH | SvelteKit framework has Insufficient CSRF protection for CORS requests | EPSS 0.4%
CVE-2025-27217 | CRITICAL | A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside o | EPSS 0.4%
CVE-2024-12237 | MEDIUM | Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.15 - Authenticated (Subscriber+) Limited Server-Side Request Forgery | EPSS 0.4%
CVE-2023-45705 | LOW | HCL BigFix Platform is susceptible to Server Side Request Forgery (SSRF) | EPSS 0.4%
CVE-2026-41654 | MEDIUM | Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url | EPSS 0.4%
CVE-2025-47293 | LOW | PowSyBl Core XML Reader allows XXE and SSRF | EPSS 0.4%
CVE-2026-26019 | MEDIUM | @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation | EPSS 0.4%
CVE-2026-40168 | HIGH | Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream | EPSS 0.4%
CVE-2023-26459 | HIGH | Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | EPSS 0.4%
CVE-2023-7325 | CRITICAL | Mingyu Operations and Maintenance Audit and Risk Control System xmlrpc.sock SSRF | EPSS 0.4%
CVE-2025-52967 | MEDIUM | gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | EPSS 0.4%
CVE-2025-2109 | MEDIUM | WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function | EPSS 0.4%
CVE-2024-20332 | MEDIUM | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker | EPSS 0.4%
CVE-2026-33407 | HIGH | Wallos: SSRF via HTTP Proxy Environment Variable | EPSS 0.4%
CVE-2024-31288 | HIGH | WordPress RapidLoad plugin <= 2.2.11 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.4%
CVE-2026-42141 | HIGH | Xibo: Authenticated Server-Side Request Forgery (SSRF) in Library Upload via URL functionality | EPSS 0.4%