Vulnerabilities of type CWE-918
2204 results

CVE | Severity | Description | EPSS
CVE-2026-36758 | MEDIUM | A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan inte | EPSS 0.2%
CVE-2026-24961 | MEDIUM | WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2026-32412 | MEDIUM | WordPress Gift Up Gift Cards for WordPress and WooCommerce plugin <= 3.1.7 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2025-46531 | MEDIUM | WordPress WP AVCL Automation Helper (formerly WPFlyLeads) plugin <= 3.4 - Server Side Request Forgery (SSRF) Vulnerability | EPSS 0.2%
CVE-2025-60175 | MEDIUM | WordPress PopAd Plugin <= 1.0.4 - Server Side Request Forgery (SSRF) Vulnerability | EPSS 0.2%
CVE-2026-28036 | MEDIUM | WordPress Ratatouille theme <= 1.2.6 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2026-39647 | MEDIUM | WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2026-32353 | MEDIUM | WordPress MailerPress plugin <= 1.4.2 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2025-54560 | LOW | A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which | EPSS 0.2%
CVE-2025-58829 | MEDIUM | WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin <= 2.3.3 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2026-39630 | MEDIUM | WordPress Getty Images plugin <= 4.1.0 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2025-53018 | LOW | Lychee has Server-Side Request Forgery (SSRF) in Photo::fromUrl API via unvalidated remote image URLs | EPSS 0.2%
CVE-2026-44661 | MEDIUM | python-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol | EPSS 0.2%
CVE-2026-39645 | MEDIUM | WordPress GlobalPayments WooCommerce plugin <= 1.18.0 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2026-12566 | LOW | SSRF via unvalidated WWW-Authenticate realm in docker_pull module | EPSS 0.2%
CVE-2026-3340 | MEDIUM | Server-Side Request Forgery (SSRF) in Langflow URL Component | EPSS 0.2%
CVE-2026-43879 | MEDIUM | WWBN AVideo: Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass | EPSS 0.2%
CVE-2026-25904 | MEDIUM | Overly permissive Deno configuration in mcp-run-python leads to SSRF | EPSS 0.2%
CVE-2026-2455 | MEDIUM | SSRF bypass via IPv4-mapped IPv6 literals | EPSS 0.2%
CVE-2025-12575 | MEDIUM | Server-Side Request Forgery (SSRF) in GitLab | EPSS 0.2%