Weaknesses of type CWE-918
2,196 resultsCVE-2024-30532MEDIUMWordPress Builderall Builder for WordPress plugin <= 2.0.1 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2025-27600MEDIUMFastGPT SSRFEPSS 0.3%CVE-2026-8661MEDIUMServer-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF PluginEPSS 0.3%CVE-2026-53827MEDIUMOpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action ForwardingEPSS 0.3%CVE-2024-32955MEDIUMWordPress FV Flowplayer Video Player plugin <= 7.5.43.7212 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2026-40100MEDIUMFastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP defaultEPSS 0.3%CVE-2026-33990MEDIUMDocker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)EPSS 0.3%CVE-2026-30404HIGHThe backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issueEPSS 0.3%CVE-2025-8013LOWQuttera Web Malware Scanner <= 3.5.1.41 - Authenticated (Administrator+) Server-Side Request ForgeryEPSS 0.3%CVE-2026-13603CRITICALSSRF with API key leak in pretix-oppwaEPSS 0.3%CVE-2026-43573MEDIUMOpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction RoutesEPSS 0.3%CVE-2026-2274HIGHArbitrary File Read and SSRF in Google AppSheetEPSS 0.3%CVE-2025-33203HIGHNVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request ForEPSS 0.3%CVE-2026-6979MEDIUMdevlikeapro WAHA API Request media.controller.ts server-side request forgeryEPSS 0.3%CVE-2025-8529MEDIUMcloudfavorites favorites-web CollectController.java getCollectLogoUrl server-side request forgeryEPSS 0.3%CVE-2026-34981MEDIUMwhisperX REST API: SSRF in download_from_url() — URL validation happens after HTTP request, extension bypass via .mp3EPSS 0.3%CVE-2026-6981MEDIUMIhateCreatingUserNames2 AiraHub2 Endpoint AiraHub.py sync_agents server-side request forgeryEPSS 0.3%CVE-2026-43526HIGHOpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL HandlingEPSS 0.3%CVE-2026-3961MEDIUMzyddnys manga-image-translator Translate Endpoints request_extraction.py to_pil_image server-side request forgeryEPSS 0.3%CVE-2025-5818MEDIUMFeatured Image Plus – Quick & Bulk Edit with Unsplash <= 1.6.6 - Authenticated (Admin+) Server-Side Request ForgeryEPSS 0.3%