Weaknesses of type CWE-918

2,203 results
CVE | Severity | Description | EPSS
CVE-2026-54401 | HIGH | A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges wi | 0.2%
CVE-2026-24048 | LOW | Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow` | 0.2%
CVE-2026-5259 | MEDIUM | AutohomeCorp frostmourne Alarm Preview AlarmController.java server-side request forgery | 0.2%
CVE-2026-7150 | MEDIUM | dh1011 auto-favicon MCP Tool server.py generate_favicon_from_url server-side request forgery | 0.2%
CVE-2026-4308 | MEDIUM | frdel/agent0ai agent-zero document_query.py handle_pdf_document server-side request forgery | 0.2%
CVE-2026-12813 | MEDIUM | activepieces File URL file.ts handleUrlFile server-side request forgery | 0.2%
CVE-2025-48962 | MEDIUM | Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39 | 0.2%
CVE-2025-68458 | LOW | webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior | 0.2%
CVE-2026-22805 | LOW | Metabase channel test endpoint can reach internal local addresses | 0.2%
CVE-2026-7253 | MEDIUM | IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway | 0.2%
CVE-2025-68157 | LOW | webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects | 0.2%
CVE-2025-52163 | MEDIUM | A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attac | 0.2%
CVE-2026-25428 | MEDIUM | WordPress TS Poll plugin <= 2.5.5 - Server Side Request Forgery (SSRF) vulnerability | 0.2%
CVE-2026-5623 | MEDIUM | hcengineering Huly Platform Import Endpoint index.ts server-side request forgery | 0.2%
CVE-2025-58962 | MEDIUM | WordPress Publitio Plugin <= 2.2.1 - Server Side Request Forgery (SSRF) Vulnerability | 0.2%
CVE-2026-9304 | LOW | calcom cal.diy Logo API route.ts validateUrlForSSRF server-side request forgery | 0.2%
CVE-2026-49093 | MEDIUM | Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access | 0.2%
CVE-2026-27023 | MEDIUM | Twenty: SSRF protection bypass via HTTP redirect following in secure HTTP client | 0.2%
CVE-2025-43747 | MEDIUM | A server-side request forgery (SSRF) vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation o | 0.2%
CVE-2026-41321 | LOW | @astrojs/cloudflare: SSRF via redirect following in Cloudflare image-binding-transform endpoint | 0.2%