Vulnerabilities of type CWE-918

2157 results
| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2016-3718 | MEDIUM | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request | 76.9% | KEV |
| CVE-2022-1386 | | Fusion Builder < 3.6.2 - Unauthenticated SSRF | 71.7% | |
| CVE-2022-26135 | MEDIUM | A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the si | 71.2% | |
| CVE-2021-32682 | CRITICAL | Multiple vulnerabilities leading to RCE | 69.9% | |
| CVE-2021-29490 | MEDIUM | Unauthenticated GET requests through Remote Image endpoints | 69.9% | |
| CVE-2020-10770 | | A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter | 69.7% | |
| CVE-2024-38472 | HIGH | Apache HTTP Server on Windows UNC SSRF | 68.0% | |
| CVE-2023-43795 | HIGH | WPS Server Side Request Forgery in GeoServer | 67.7% | |
| CVE-2023-50968 | | Apache OFBiz: Arbitrary file properties reading and SSRF attack | 63.4% | |
| CVE-2025-27817 | HIGH | Apache Kafka Client: Arbitrary file read and SSRF vulnerability | 60.8% | |
| CVE-2021-24472 | | Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF | 56.6% | |
| CVE-2024-32964 | CRITICAL | lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability | 54.7% | |
| CVE-2021-22175 | MEDIUM | When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions | 53.4% | KEV |
| CVE-2026-20230 | HIGH | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Un | 51.2% | |
| CVE-2021-21342 | MEDIUM | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | 50.1% | |
| CVE-2025-30220 | CRITICAL | GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling | 49.2% | |
| CVE-2022-31188 | HIGH | Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT) | 47.8% | |
| CVE-2021-21349 | MEDIUM | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | 47.8% | |
| CVE-2024-47008 | HIGH | Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | 46.6% | |
| CVE-2026-33626 | HIGH | LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading | 45.3% | |