Weaknesses of type CWE-918
2,198 resultsCVE-2026-41170HIGHSquidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External RequestsEPSS 0.2%CVE-2025-62763MEDIUMZimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat proxy.EPSS 0.2%CVE-2025-67961MEDIUMWordPress WPO365 plugin <= 40.0 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2025-64427HIGHZimaOS is vulnerable to Server-Side Request Forgery (SSRF)EPSS 0.2%CVE-2021-47958MEDIUMCouchCMS 2.2.1 Server-Side Request Forgery via SVG uploadEPSS 0.2%CVE-2026-46393HIGHHAXcms createSite SSRF Enables Arbitrary File ReadEPSS 0.2%CVE-2024-13695MEDIUMEnfold <= 6.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery via attachment_idEPSS 0.2%CVE-2026-42261HIGHPromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`EPSS 0.2%CVE-2023-53893MEDIUMAteme TITAN File 3.9 Authenticated Server-Side Request Forgery VulnerabilityEPSS 0.2%CVE-2026-25385MEDIUMWordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2025-14627MEDIUMWP Import – Ultimate CSV XML Importer for WordPress <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink BypassEPSS 0.2%CVE-2025-3775MEDIUMShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL ParameterEPSS 0.2%CVE-2026-1518LOWKeycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloakEPSS 0.2%CVE-2026-41455MEDIUMWeKan < 8.35 SSRF via Webhook URLEPSS 0.2%CVE-2026-39383MEDIUMGotenberg unauthenticated blind SSRF via unfiltered webhook URLEPSS 0.2%CVE-2024-39637MEDIUMWordPress Edubin theme <= 9.2.0 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2026-44117MEDIUMOpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media UploadEPSS 0.2%CVE-2026-41297MEDIUMOpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download RedirectEPSS 0.2%CVE-2025-57943MEDIUMWordPress Skimlinks Affiliate Marketing Tool plugin <= 1.3.1 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2025-53461MEDIUMWordPress Beaf Plugin <= 1.6.2 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%