Weaknesses of type CWE-918

2,198 results
CVE-2026-56663 | HIGH | AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access | EPSS 0.2%
CVE-2026-57303 | HIGH | Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers a | EPSS 0.2%
CVE-2024-38791 | MEDIUM | WordPress AI ENGINE plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2025-15414 | MEDIUM | go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery | EPSS 0.2%
CVE-2026-8320 | MEDIUM | jishenghua jshERP updatePlatformConfigByKey Endpoint UserService.java getUserByWeixinCode server-side request forgery | EPSS 0.2%
CVE-2025-5817 | HIGH | Amazon Products to WooCommerce <= 1.2.7 - Unauthenticated Server-Side Request Forgery | EPSS 0.2%
CVE-2025-42965 | MEDIUM | Server Side Request Forgery(SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application | EPSS 0.2%
CVE-2025-14116 | MEDIUM | xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery | EPSS 0.2%
CVE-2026-41302 | MEDIUM | OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download | EPSS 0.2%
CVE-2024-48107 | MEDIUM | SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or lo | EPSS 0.2%
CVE-2026-0649 | MEDIUM | invoiceninja Migration Import Import.php copy server-side request forgery | EPSS 0.2%
CVE-2025-11467 | MEDIUM | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery | EPSS 0.2%
CVE-2025-42988 | LOW | Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform | EPSS 0.2%
CVE-2026-2053 | HIGH | Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager | EPSS 0.2%
CVE-2024-38758 | MEDIUM | WordPress WappPress plugin <= 6.0.4 - Blind Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2026-39921 | MEDIUM | GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload | EPSS 0.2%
CVE-2026-9006 | HIGH | IBM WebSphere Application Server is affected by server-side request forgery | EPSS 0.2%
CVE-2025-13393 | MEDIUM | Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' | EPSS 0.2%
CVE-2026-22181 | MEDIUM | OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch | EPSS 0.2%
CVE-2024-12801 | LOW | SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks | EPSS 0.2%