Weaknesses of type CWE-918

2,194 results
CVE-2026-9372 | MEDIUM | ItzCrazyKns Vane Model Provider API route.ts server-side request forgery | EPSS 0.3%
CVE-2026-32111 | MEDIUM | ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle | EPSS 0.3%
CVE-2026-10068 | MEDIUM | Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery | EPSS 0.3%
CVE-2026-6587 | MEDIUM | vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery | EPSS 0.3%
CVE-2026-34443 | MEDIUM | FreeScout: SSRF protection bypass via broken CIDR check in checkIpByMask() | EPSS 0.3%
CVE-2024-33629 | MEDIUM | WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.0.0 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.3%
CVE-2025-2940 | HIGH | Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated Server-Side Request Forgery | EPSS 0.3%
CVE-2026-31804 | MEDIUM | Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server | EPSS 0.3%
CVE-2025-9414 | MEDIUM | kalcaddle kodbox Download from Link serverDownload server-side request forgery | EPSS 0.3%
CVE-2024-22134 | MEDIUM | WordPress Contact Form 7 Extension For Mailchimp Plugin <= 0.5.70 is vulnerable to Server Side Request Forgery (SSRF) | EPSS 0.3%
CVE-2025-2245 | MEDIUM | Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646) | EPSS 0.3%
CVE-2026-56266 | CRITICAL | Crawl4AI - Server-Side Request Forgery via Direct Crawl Endpoints | EPSS 0.3%
CVE-2024-4789 | MEDIUM | Cost Calculator Builder Pro <= 3.1.72 - Authenticated (Subscriber+) Server-Side Request Forgery | EPSS 0.3%
CVE-2025-25235 | HIGH | Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability | EPSS 0.3%
CVE-2025-1043 | MEDIUM | Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files <= 2.7.5 - Authenticated (Contributor+) Blind Server-Side Request Forgery via embeddoc Shortcode | EPSS 0.3%
CVE-2026-28451 | MEDIUM | OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching | EPSS 0.3%
CVE-2026-3163 | MEDIUM | SourceCodester Website Link Extractor URL file_get_contents server-side request forgery | EPSS 0.3%
CVE-2025-50228 | CRITICAL | Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules. | EPSS 0.3%
CVE-2025-60898 | MEDIUM | An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attac | EPSS 0.3%
CVE-2025-11361 | MEDIUM | Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery | EPSS 0.3%