Weaknesses of type CWE-918

2,182 results
CVE-2026-3750MEDIUMContiNew Admin Storage Management S3ClientFactory.java URI.create server-side request forgeryEPSS 0.4%CVE-2024-34689MEDIUM[CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)EPSS 0.4%CVE-2025-1912HIGHProduct Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file FunctionEPSS 0.4%CVE-2024-33590MEDIUMWordPress basepress plugin <= 2.16.1 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.4%CVE-2026-42596CRITICALGotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhookEPSS 0.4%CVE-2023-38626MEDIUMA post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow aEPSS 0.4%CVE-2024-32430MEDIUMWordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.4%CVE-2023-38627MEDIUMA post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow aEPSS 0.4%CVE-2023-38625MEDIUMA post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow aEPSS 0.4%CVE-2026-25765MEDIUMFaraday affected by SSRF via protocol-relative URL host override in build_exclusive_urlEPSS 0.4%CVE-2026-3026MEDIUMerzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgeryEPSS 0.4%CVE-2023-50374MEDIUMWordPress CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.10 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.4%CVE-2024-1965MEDIUMServer-Side Request Forgery Vulnerability in Haivision ProductsEPSS 0.4%CVE-2025-10861HIGHPopup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request ForgeryEPSS 0.4%CVE-2024-29173MEDIUMDell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerabEPSS 0.3%CVE-2026-54017HIGHOpen WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversalEPSS 0.3%CVE-2023-37230HIGHLoftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.EPSS 0.3%CVE-2023-4651MEDIUMServer-Side Request Forgery (SSRF) in instantsoft/icms2EPSS 0.3%CVE-2023-51697MEDIUMAudiobookshelf vulnerable to Blind SSRF in `podcastUtils.js`EPSS 0.3%CVE-2023-51665MEDIUMAudiobookshelf vulnerable to Blind SSRF in `Auth.js`EPSS 0.3%