Weaknesses of type CWE-918

2,185 results
CVE-2025-52196 | HIGH | Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make ar | EPSS 0.3%
CVE-2026-4528 | MEDIUM | trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery | EPSS 0.3%
CVE-2026-45401 | HIGH | Open WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints | EPSS 0.3%
CVE-2026-6625 | MEDIUM | moxi624 Mogu Blog v2 Picture Storage Service LocalFileServiceImpl.java LocalFileServiceImpl.uploadPictureByUrl server-side request forgery | EPSS 0.3%
CVE-2026-4302 | HIGH | WowOptin: Next-Gen Popup Maker <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API | EPSS 0.3%
CVE-2025-30678 | MEDIUM | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to man | EPSS 0.3%
CVE-2025-59344 | HIGH | AliasVault Vulnerable to Server-Side Request Forgery via Favicon Extraction | EPSS 0.3%
CVE-2025-30679 | MEDIUM | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to man | EPSS 0.3%
CVE-2025-52491 | MEDIUM | Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF. | EPSS 0.3%
CVE-2026-3052 | MEDIUM | DataLinkDC dinky Flink Proxy Controller FlinkProxyController.java proxyUba server-side request forgery | EPSS 0.3%
CVE-2025-26487 | HIGH | Server Side Request Forgery (SSRF) in the web server of Infinera MTC-9 | EPSS 0.3%
CVE-2023-29260 | MEDIUM | IBM Sterling Connect:Express for UNIX server-side request forgery | EPSS 0.3%
CVE-2026-25870 | MEDIUM | DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF | EPSS 0.3%
CVE-2026-7221 | MEDIUM | TencentCloudBase CloudBase-MCP open-url API Endpoint interactive-server.ts openUrl server-side request forgery | EPSS 0.3%
CVE-2026-28677 | HIGH | OpenSift: Insufficient URL destination restrictions in ingest flow could enable SSRF-style internal access | EPSS 0.3%
CVE-2024-31897 | MEDIUM | IBM Cloud Pak for Business Automation server-side request forgery | EPSS 0.3%
CVE-2026-2985 | MEDIUM | Tiandy Video Surveillance System 视频监控平台 CLSBODownLoad.java downloadImage server-side request forgery | EPSS 0.3%
CVE-2025-10391 | MEDIUM | CRMEB OutAccountServices.php testOutUrl server-side request forgery | EPSS 0.3%
CVE-2026-34746 | HIGH | Payload has Authenticated SSRF via Upload Functionality | EPSS 0.3%
CVE-2026-35572 | HIGH | SSRF via Referer header in ChurchCRM allows server-side HTTP/HTTPS requests to arbitrary hosts | EPSS 0.3%