Flaws of type CWE-918
2157 results

CVE-2022-0766 | MEDIUM | Server-Side Request Forgery (SSRF) in janeczku/calibre-web | EPSS 1.3%
CVE-2021-3553 | MEDIUM | Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825) | EPSS 1.3%
CVE-2022-1977 | — | WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF | EPSS 1.3%
CVE-2021-43449 | HIGH | ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to r | EPSS 1.2%
CVE-2025-32355 | HIGH | Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a w | EPSS 1.2%
CVE-2022-0671 | — | A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file. | EPSS 1.2%
CVE-2024-5736 | HIGH | SSRF in AdmirorFrames Joomla! Extension | EPSS 1.2%
CVE-2022-40357 | CRITICAL | A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php | EPSS 1.2%
CVE-2020-8134 | — | Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise int | EPSS 1.2%
CVE-2023-51441 | HIGH | Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API | EPSS 1.2%
CVE-2024-12450 | MEDIUM | RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow | EPSS 1.2%
CVE-2022-0086 | HIGH | Server-Side Request Forgery (SSRF) in transloadit/uppy | EPSS 1.2%
CVE-2020-29445 | MEDIUM | Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and po | EPSS 1.2%
CVE-2021-41084 | HIGH | Response Splitting from unsanitized headers in http4s | EPSS 1.2%
CVE-2021-29431 | HIGH | SSRF in Sydent due to missing validation of hostnames | EPSS 1.2%
CVE-2022-1285 | HIGH | Server-Side Request Forgery (SSRF) in gogs/gogs | EPSS 1.2%
CVE-2024-22262 | HIGH | CVE-2024-22262: Spring Framework URL Parsing with Host Validation | EPSS 1.2%
CVE-2020-8205 | — | The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attac | EPSS 1.2%
CVE-2021-22958 | — | A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the | EPSS 1.2%
CVE-2023-27160 | HIGH | forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability | EPSS 1.2%