Fallos del tipo CWE-918
2181 resultadosCVE-2025-11427MEDIUMWP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side Request ForgeryEPSS 0.4%CVE-2026-41887MEDIUMFlarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)EPSS 0.4%CVE-2023-30444HIGHIBM Watson Machine Learning on Cloud Pak for Data server-side request forgeryEPSS 0.4%CVE-2024-3047HIGHPDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - Unauthenticated Server-Side Request ForgeryEPSS 0.4%CVE-2024-5526HIGHGrafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and inteEPSS 0.4%CVE-2024-46468HIGHA Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitiveEPSS 0.4%CVE-2026-47267HIGHGogs: SSRF in webhook deliveriesEPSS 0.4%CVE-2026-8328MEDIUMFTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host addressEPSS 0.4%CVE-2026-35486HIGHtext-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validationEPSS 0.4%CVE-2022-41949MEDIUMSemi-blind Server-Side Request Forgery in dhis2-coreEPSS 0.4%CVE-2025-5510MEDIUMquequnlong shiyi-blog optimize server-side request forgeryEPSS 0.4%CVE-2026-33992CRITICALpyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata ExfiltrationEPSS 0.4%CVE-2026-28467MEDIUMOpenClaw < 2026.2.2 - SSRF via Attachment Media URL HydrationEPSS 0.4%CVE-2025-62427HIGHServer-Side Request Forgery (SSRF) in Angular SSREPSS 0.4%CVE-2024-13924MEDIUMStarter Templates by FancyWP <= 2.0.0 - Unauthenticated Blind Server-Side Request ForgeryEPSS 0.4%CVE-2025-59088HIGHPython-kdcproxy: unauthenticated ssrf via realm‑controlled dns srvEPSS 0.4%CVE-2026-25511HIGHGroup-Office is vulnerable to SSRF and File Read in WOPI service discoveryEPSS 0.4%CVE-2026-43995MEDIUMFlowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)EPSS 0.4%CVE-2026-42313HIGHpyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxyEPSS 0.4%CVE-2021-38132MEDIUMPossible External service interaction VulnerabilityEPSS 0.4%