Weaknesses of type CWE-918

2,185 results
CVE-2026-35572 | HIGH | SSRF via Referer header in ChurchCRM allows server-side HTTP/HTTPS requests to arbitrary hosts | EPSS 0.3%
CVE-2025-28197 | CRITICAL | Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py. | EPSS 0.3%
CVE-2026-4874 | LOW | Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation | EPSS 0.3%
CVE-2025-2170 | HIGH | A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific cond | EPSS 0.3%
CVE-2025-64327 | MEDIUM | ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint | EPSS 0.3%
CVE-2026-53931 | MEDIUM | NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint | EPSS 0.3%
CVE-2025-8527 | MEDIUM | Exrick xboot Swagger SecurityController.java server-side request forgery | EPSS 0.3%
CVE-2024-32775 | MEDIUM | WordPress Embed Google Photos album plugin <= 2.1.9 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.3%
CVE-2024-33627 | MEDIUM | WordPress AGCA – Custom Dashboard & Login Page plugin <= 7.2.2 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.3%
CVE-2026-7065 | MEDIUM | BidingCC BuildingAI Remote Upload API file-storage.service.ts uploadRemoteFile server-side request forgery | EPSS 0.3%
CVE-2024-5031 | HIGH | MemberPress <= 1.11.29 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file Shortcode | EPSS 0.3%
CVE-2025-62505 | LOW | SSRF in lobehub/lobe-chat with native web fetch module | EPSS 0.3%
CVE-2026-4200 | MEDIUM | glowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery | EPSS 0.3%
CVE-2026-7158 | MEDIUM | dmitryglhf mcp-url-downloader server.py _validate_url_safe server-side request forgery | EPSS 0.3%
CVE-2026-10287 | MEDIUM | SourceCodester SEO Meta Tag Extractor index.php get_headers server-side request forgery | EPSS 0.3%
CVE-2026-10771 | MEDIUM | crmeb crmeb_java base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity server-side request forgery | EPSS 0.3%
CVE-2025-64180 | CRITICAL | Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU) | EPSS 0.3%
CVE-2026-20958 | MEDIUM | Microsoft SharePoint Information Disclosure Vulnerability | EPSS 0.3%
CVE-2026-1294 | HIGH | All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint | EPSS 0.3%
CVE-2026-10517 | MEDIUM | Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance | EPSS 0.3%