Weaknesses of type CWE-918
2,183 results

CVE | Severity | Title | EPSS
CVE-2026-54017 | HIGH | Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal | 0.3%
CVE-2026-43884 | HIGH | WWBN AVideo: SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL() | 0.3%
CVE-2025-44594 | CRITICAL | halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload- | 0.3%
CVE-2022-39239 | MEDIUM | netlify-ipx subject to Server-Side Request Forgery and Stored Cross-Site Scripting via Cache Poisoning and Improper Host Validation | 0.3%
CVE-2024-37157 | MEDIUM | Discourse vulnerable to Server-Side Request Forgery via FastImage | 0.3%
CVE-2024-37164 | HIGH | CVAT SSRF via custom cloud storage endpoints | 0.3%
CVE-2026-32279 | MEDIUM | Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin | 0.3%
CVE-2026-33712 | CRITICAL | TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls | 0.3%
CVE-2024-32718 | MEDIUM | WordPress The Pack Elementor addons plugin <= 2.0.8.2 - Server Side Request Forgery (SSRF) vulnerability | 0.3%
CVE-2025-8133 | MEDIUM | yanyutao0402 ChanCMS gather.js getArticle server-side request forgery | 0.3%
CVE-2026-34476 | HIGH | Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server | 0.3%
CVE-2025-15264 | MEDIUM | FeehiCMS TimThumb timthumb.php server-side request forgery | 0.3%
CVE-2026-41682 | MEDIUM | pupnp: Port truncation via atoi() cast in parse_uri() allows SSRF port confusion | 0.3%
CVE-2025-63408 | MEDIUM | Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to | 0.3%
CVE-2025-14008 | MEDIUM | dayrui XunRuiCMS Project Domain Change Test admin79f2ec220c7e.php server-side request forgery | 0.3%
CVE-2024-34453 | MEDIUM | TwoNav 2.1.13 contains an SSRF vulnerability via the url parameter to index.php?c=api&method=read_data&type=connectivity_test (which reaches | 0.3%
CVE-2025-29461 | HIGH | An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path. | 0.3%
CVE-2025-29452 | HIGH | An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component. | 0.3%
CVE-2023-26442 | LOW | In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attac | 0.3%
CVE-2024-43371 | MEDIUM | Potential access to sensitive URLs via CKAN extensions (SSRF) | 0.3%