Fallos del tipo CWE-918

2185 resultados
CVE-2024-13411MEDIUMZapier for WordPress <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user FunctionEPSS 0.3%CVE-2026-10517MEDIUMClair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissanceEPSS 0.3%CVE-2024-32454MEDIUMWordPress Wappointment plugin <= 2.6.0 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2025-13809MEDIUMorionsec orion-ops SSH Connection MachineInfoController.java server-side request forgeryEPSS 0.3%CVE-2026-32236LOW@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetchEPSS 0.3%CVE-2026-13150MEDIUMSSRF in Pentestify PDF generation endpoint via Host headerEPSS 0.3%CVE-2025-68150HIGHParse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth AdapterEPSS 0.3%CVE-2026-44116MEDIUMOpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL ValidationEPSS 0.3%CVE-2026-50127MEDIUMWeblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)EPSS 0.3%CVE-2026-40566MEDIUMFreeScout vulnerable to SSRF via IMAP/SMTP Connection Test EndpointsEPSS 0.3%CVE-2026-12095HIGHKargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' ParameterEPSS 0.3%CVE-2024-9408HIGHIn Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.EPSS 0.3%CVE-2024-33634MEDIUMWordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2025-10453MEDIUMPilotGaea Technologies|O'View MapServer - Server-Side Request ForgeryEPSS 0.3%CVE-2026-35037HIGHEch0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadataEPSS 0.3%CVE-2026-53755HIGHCrawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF checkEPSS 0.3%CVE-2023-35896MEDIUMIBM Content Navigator server-side request forgeryEPSS 0.3%CVE-2026-33081MEDIUMPinchTab has Blind SSRF via browser-side redirect bypass in /download URL validationEPSS 0.3%CVE-2024-56279MEDIUMWordPress Compact WP Audio Player plugin <= 1.9.14 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2025-31796MEDIUMWordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.9 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%