Weaknesses of type CWE-918

2,192 results
CVE-2026-28451 | MEDIUM | OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching | EPSS 0.3%
CVE-2025-11361 | MEDIUM | Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery | EPSS 0.3%
CVE-2026-33540 | HIGH | Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm | EPSS 0.3%
CVE-2026-21433 | HIGH | Emlog vulnerable to Server-Side Request Forgery (SSRF) | EPSS 0.3%
CVE-2026-35516 | MEDIUM | LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection | EPSS 0.3%
CVE-2026-33953 | HIGH | LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce | EPSS 0.3%
CVE-2025-67743 | MEDIUM | Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service | EPSS 0.3%
CVE-2025-7813 | HIGH | Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery | EPSS 0.3%
CVE-2026-32096 | CRITICAL | Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns | EPSS 0.3%
CVE-2024-47190 | LOW | Northern.tech Hosted Mender before 2024.07.11 allows SSRF. | EPSS 0.3%
CVE-2026-6983 | MEDIUM | pagekit download server-side request forgery | EPSS 0.3%
CVE-2025-70027 | HIGH | An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to | EPSS 0.3%
CVE-2026-33675 | MEDIUM | Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources | EPSS 0.3%
CVE-2026-42864 | CRITICAL | FireFighter: Unauthenticated SSRF in Raid jira_bot endpoint allows IAM credential theft | EPSS 0.3%
CVE-2024-54197 | HIGH | Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview) | EPSS 0.3%
CVE-2026-33637 | NONE | Faraday: Protocol-relative URI objects still bypass host scoping (possible incomplete fix for GHSA-33mh-2634-fwr2) | EPSS 0.3%
CVE-2024-49822 | MEDIUM | IBM QRadar Advisor server-side request forgery | EPSS 0.3%
CVE-2026-29178 | HIGH | Lemmy: Unauthenticated SSRF via file_type query parameter injection in image endpoint | EPSS 0.3%
CVE-2026-3478 | HIGH | Content Syndication Toolkit <= 1.3 - Unauthenticated Server-Side Request Forgery via 'url' Parameter | EPSS 0.3%
CVE-2026-50189 | HIGH | Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route | EPSS 0.3%