CWE-918 flaws

2194 results
CVE-2025-10705 | MEDIUM | MxChat – AI Chatbot for WordPress <= 2.4.6 - Unauthenticated Blind Server-Side Request Forgery | EPSS 0.3%
CVE-2026-5607 | MEDIUM | imprvhub mcp-browser-agent URL Parameter handlers.ts CallToolRequestSchema server-side request forgery | EPSS 0.3%
CVE-2026-7603 | MEDIUM | JeecgBoot LoadFile Endpoint FileDownloadUtils.jav checkPathTraversalBatch server-side request forgery | EPSS 0.3%
CVE-2026-29954 | HIGH | In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of | EPSS 0.3%
CVE-2025-22346 | MEDIUM | WordPress Course Migration for LearnDash plugin 1.0.2 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.3%
CVE-2026-6497 | MEDIUM | prasathmani TinyFileManager File Upload filemanager.php server-side request forgery | EPSS 0.3%
CVE-2026-24470 | HIGH | Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName | EPSS 0.3%
CVE-2026-53754 | HIGH | Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped) | EPSS 0.3%
CVE-2026-5126 | MEDIUM | SourceCodester RSS Feed Parser file_get_contents server-side request forgery | EPSS 0.3%
CVE-2026-34576 | HIGH | Postiz: SSRF in upload-from-url endpoint allows fetching internal resources and cloud metadata | EPSS 0.3%
CVE-2025-11128 | MEDIUM | Feedzy RSS Feeds Lite <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery | EPSS 0.3%
CVE-2025-15098 | MEDIUM | YunaiV yudao-cloud Business Process Management BpmSyncHttpRequestTrigger server-side request forgery | EPSS 0.3%
CVE-2024-43379 | LOW | TruffleHog has a Blind SSRF in some Detectors | EPSS 0.3%
CVE-2025-13872 | LOW | Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio | EPSS 0.3%
CVE-2025-12375 | MEDIUM | Printful Integration for WooCommerce <= 2.2.11 - Authenticated (Contributor+) Server-Side Request Forgery | EPSS 0.3%
CVE-2026-43576 | MEDIUM | OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL | EPSS 0.3%
CVE-2025-53473 | MEDIUM | Server-side request forgery (SSRF) vulnerability exists in multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploite | EPSS 0.3%
CVE-2025-28093 | MEDIUM | ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. | EPSS 0.3%
CVE-2026-22597 | MEDIUM | Ghost has SSRF via External Media Inliner | EPSS 0.3%
CVE-2026-39361 | HIGH | OpenObserve has a SSRF Protection Bypass via IPv6 Bracket Notation in validate_enrichment_url | EPSS 0.3%