Flaws of type CWE-918

2185 results
CVE | Severity | Description | EPSS
CVE-2025-47635 | MEDIUM | WordPress WebinarPress plugin <= 1.33.28 - Server Side Request Forgery (SSRF) Vulnerability | 0.3%
CVE-2025-29460 | HIGH | An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes th | 0.3%
CVE-2026-27479 | HIGH | Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch | 0.3%
CVE-2023-6195 | LOW | Server-Side Request Forgery (SSRF) in GitLab | 0.3%
CVE-2026-40107 | HIGH | SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering | 0.3%
CVE-2023-51676 | MEDIUM | WordPress Happy Addons for Elementor Plugin <= 3.9.1.1 is vulnerable to Server Side Request Forgery (SSRF) | 0.3%
CVE-2025-14443 | MEDIUM | Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism | 0.3%
CVE-2025-61768 | MEDIUM | Kuno CMS Vulnerable to Server-Side Request Forgery (SSRF) via Unsafe SVG Upload | 0.3%
CVE-2025-5140 | MEDIUM | Seeyon Zhiyuan OA Web Application System ThirdMenuController.class this.oursNetService.getData server-side request forgery | 0.3%
CVE-2024-30453 | MEDIUM | WordPress Brave plugin <= 0.6.5 - Server Side Request Forgery (SSRF) vulnerability | 0.3%
CVE-2026-42175 | MEDIUM | requests-hardened: Server-Side Request Forgery (SSRF) in requests-hardened RFC 6598 | 0.3%
CVE-2026-10280 | MEDIUM | horizon921 mcpilot MCP API Call Endpoint route.ts server-side request forgery | 0.3%
CVE-2024-13857 | MEDIUM | WPGet API <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery | 0.3%
CVE-2022-35282 | MEDIUM | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted | 0.3%
CVE-2026-33234 | MEDIUM | AutoGPT: SendEmailBlock's IP blocklist bypass allows SSRF via user-controlled SMTP server | 0.3%
CVE-2024-37942 | HIGH | WordPress BerqWP plugin <= 1.7.5 - Unauthenticated Non-Blind Server Side Request Forgery (SSRF) vulnerability | 0.3%
CVE-2024-25915 | MEDIUM | WordPress Pexels: Free Stock Photos Plugin <= 1.2.2 is vulnerable to Server Side Request Forgery (SSRF) | 0.3%
CVE-2026-5418 | MEDIUM | appsmithorg appsmith Dashboard WebClientUtils.java computeDisallowedHosts server-side request forgery | 0.3%
CVE-2025-27406 | HIGH | Icinga Reporting Stored XSS leads to SSRF | 0.3%
CVE-2025-3192 | HIGH | Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a | 0.3%