Fallos del tipo CWE-918
2182 resultadosCVE-2026-42353HIGHPath traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parametersEPSS 0.4%CVE-2026-28798CRITICALArbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOSEPSS 0.4%CVE-2025-1970HIGHExport and Import Users and Customers <= 2.6.2 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file FunctionEPSS 0.4%CVE-2026-8606HIGHServer-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL EndpointEPSS 0.4%CVE-2023-42450MEDIUMMastodon Server-Side Request Forgery vulnerabilityEPSS 0.4%CVE-2025-3412MEDIUMmymagicpower AIAS InferController.java server-side request forgeryEPSS 0.4%CVE-2025-4012MEDIUMplayeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgeryEPSS 0.4%CVE-2026-40500MEDIUMProcessWire CMS SSRF via Add Module From URLEPSS 0.4%CVE-2025-3411MEDIUMmymagicpower AIAS AsrController.java server-side request forgeryEPSS 0.4%CVE-2024-29319LOWVolmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. The server can make EPSS 0.4%CVE-2026-8768MEDIUMvercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgeryEPSS 0.4%CVE-2026-52805HIGHGogs: Migration Redirect Bypass Leads to Internal Repository TheftEPSS 0.4%CVE-2025-0474HIGHInvoice Ninja PDF Rendering Server Side Request ForgeryEPSS 0.4%CVE-2024-32803MEDIUMWordPress SuperFaktura WooCommerce plugin <= 1.40.3 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.4%CVE-2026-40346MEDIUMNocoBase has SSRF in Workflow HTTP Request and Custom Request PluginsEPSS 0.4%CVE-2026-33486MEDIUMRoadiz has Server-Side Request Forgery (SSRF) in roadiz/documentsEPSS 0.4%CVE-2026-40999HIGHSpring WS SSRF via unvalidated WS-Addressing reply destinationsEPSS 0.4%CVE-2026-44598MEDIUMApache Shiro Jakarta EE module: Open redirect and SSRF (requires valid credentials)EPSS 0.4%CVE-2024-28668MEDIUMDedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.phpEPSS 0.4%CVE-2024-5021CRITICALWordPress Picture / Portfolio / Media Gallery <= 3.0.1 - Unauthenticated Server-Side Request ForgeryEPSS 0.4%