CWE-918 vulnerabilities

2184 results
CVE-2025-10397 | MEDIUM | Magicblack MacCMS API server-side request forgery | EPSS 0.3%
CVE-2026-44015 | HIGH | Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services | EPSS 0.3%
CVE-2025-10395 | MEDIUM | Magicblack MacCMS Scheduled Task col_url server-side request forgery | EPSS 0.3%
CVE-2023-4878 | MEDIUM | Server-Side Request Forgery (SSRF) in instantsoft/icms2 | EPSS 0.3%
CVE-2026-22247 | MEDIUM | GLPI is Vulnerable to SSRF via Webhooks | EPSS 0.3%
CVE-2025-31009 | MEDIUM | WordPress IndieBlocks plugin <= 0.13.1 - Server Side Request Forgery (SSRF) Vulnerability | EPSS 0.3%
CVE-2024-30420 | MEDIUM | Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series ver | EPSS 0.3%
CVE-2025-26515 | HIGH | CVE-2025-26515 Server-Side Request Forgery Vulnerability in StorageGRID (formerly StorageGRID Webscale) | EPSS 0.3%
CVE-2026-0258 | MEDIUM | PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching | EPSS 0.3%
CVE-2025-7103 | MEDIUM | BoyunCMS curl Index.php server-side request forgery | EPSS 0.3%
CVE-2026-28416 | HIGH | Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing | EPSS 0.3%
CVE-2024-31991 | MEDIUM | Mealie vulnerable to a GET-based SSRF in recipe importer (GHSL-2023-225) | EPSS 0.3%
CVE-2024-0216 | MEDIUM | Google Doc Embedder <= 2.6.4 - Authenticated (Contributor+) Blind Server Side Request Forgery | EPSS 0.3%
CVE-2026-1313 | HIGH | MimeTypes Link Icons <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content | EPSS 0.3%
CVE-2023-4893 | MEDIUM | Crayon Syntax Highlighter <= 2.8.4 - Authenticated (Contributor+) Server Side Request Forgery | EPSS 0.3%
CVE-2026-6394 | MEDIUM | Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter | EPSS 0.3%
CVE-2026-39974 | HIGH | n8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP mode | EPSS 0.3%
CVE-2026-29925 | HIGH | Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php. | EPSS 0.3%
CVE-2025-20388 | LOW | Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise | EPSS 0.3%
CVE-2025-47791 | MEDIUM | Nextcloud Server's test remote endpoint is not rate limited | EPSS 0.3%