Weaknesses of type CWE-918

2,182 results
CVE-2026-25494MEDIUMCraft has a SSRF in GraphQL Asset Mutation via Alternative IP NotationEPSS 0.4%CVE-2024-48907HIGHSematell ReplyOne 7.4.3.0 allows SSRF via the application server API.EPSS 0.4%CVE-2025-12136MEDIUMReal Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login EndpointEPSS 0.4%CVE-2023-46736MEDIUMServer-Side Request Forgery in espocrmEPSS 0.4%CVE-2023-38624MEDIUMA post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow aEPSS 0.4%CVE-2025-62615CRITICALAutoGPT has SSRF vulnerability in ReadRSSFeedBlockEPSS 0.4%CVE-2023-50913CRITICALOxide control plane software before 5 allows SSRF.EPSS 0.4%CVE-2025-9960MEDIUMis-localhost-ip 2.0.0 - SSRF via Restrictions bypassEPSS 0.4%CVE-2025-49852HIGHServer-Side Request Forgery (SSRF) in ControlID iDSecure On-premisesEPSS 0.4%CVE-2026-4979MEDIUMUsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' ParameterEPSS 0.4%CVE-2026-7177MEDIUMChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgeryEPSS 0.4%CVE-2025-10765MEDIUMSeriaWei ZKEACMS SEOSuggestions ZKEACMS.SEOSuggestions.dll server-side request forgeryEPSS 0.4%CVE-2025-25760HIGHA Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and serviceEPSS 0.4%CVE-2025-48739MEDIUMA Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and EPSS 0.4%CVE-2026-30858MEDIUMWeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal ResourcesEPSS 0.4%CVE-2025-13281MEDIUMPortworx Half-Blind SSRF in kube-controller-managerEPSS 0.4%CVE-2026-2711MEDIUMzhutoutoutousan worldquant-miner URL ssrf_proxy.py server-side request forgeryEPSS 0.4%CVE-2024-50811CRITICALhopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\apps\\tool\\apis\\bdEPSS 0.4%CVE-2025-1912HIGHProduct Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file FunctionEPSS 0.4%CVE-2024-34689MEDIUM[CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)EPSS 0.4%