Weaknesses of type CWE-918

2,198 results
CVE-2026-10583MEDIUMnextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgeryEPSS 0.2%CVE-2026-10662MEDIUMahujasid blender-mcp ZIP File server.py requests.get server-side request forgeryEPSS 0.2%CVE-2026-34225MEDIUMOpen WebUI has Blind Server Side Request Forgery in its Image Edit FunctionalityEPSS 0.2%CVE-2026-43929HIGHssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed InputsEPSS 0.2%CVE-2026-27945LOWZITADEL has potential SSRF via ActionsEPSS 0.2%CVE-2026-2531MEDIUMMindsDB File Upload security.py clear_filename server-side request forgeryEPSS 0.2%CVE-2026-53607LOW@apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host headerEPSS 0.2%CVE-2025-6242HIGHVllm: server side request forgery (ssrf) in mediaconnectorEPSS 0.2%CVE-2026-34590MEDIUMPostiz: SSRF via Webhook Creation Endpoint Missing URL Safety ValidationEPSS 0.2%CVE-2026-42965HIGHOpenshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypasses destination validationEPSS 0.2%CVE-2026-11424HIGHServer-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information DisclosureEPSS 0.2%CVE-2026-11346MEDIUMServer-Side Request Forgery (SSRF) allowing Internal Network Probing in linqiEPSS 0.2%CVE-2025-12073MEDIUMServer-Side Request Forgery (SSRF) in GitLabEPSS 0.2%CVE-2026-33458MEDIUMServer-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information DisclosureEPSS 0.2%CVE-2026-48148MEDIUMBudibase: Unvalidated VectorDB Host Parameter Enables SSRFEPSS 0.2%CVE-2026-45310HIGHCodeWhale: SSRF via HTTP Redirect Bypass in fetch_url ToolEPSS 0.2%CVE-2024-49312MEDIUMWordPress Edwiser Bridge plugin <= 3.0.7 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2026-0632MEDIUMFluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'EPSS 0.2%CVE-2026-56663HIGHAutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` accessEPSS 0.2%CVE-2026-3681MEDIUMwelovemedia FFmate webhook.go fireWebhook server-side request forgeryEPSS 0.2%