CWE-918 vulnerabilities

2196 results
CVE-2026-7084 | MEDIUM | HBAI-Ltd Toonflow-app getCodeByLink Endpoint getCodeByLink.ts fetch server-side request forgery | EPSS 0.3%
CVE-2026-34367 | HIGH | InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field | EPSS 0.3%
CVE-2025-5260 | HIGH | SSRF in PozitifIK's Pik Online | EPSS 0.3%
CVE-2025-9805 | MEDIUM | SimStudioAI sim route.ts server-side request forgery | EPSS 0.3%
CVE-2026-33537 | MEDIUM | Lychee has SSRF bypass via incomplete IP validation in Photo::fromUrl — loopback and link-local IPs not blocked | EPSS 0.3%
CVE-2026-41130 | MEDIUM | Craft CMS has a host header injection leading to SSRF via resource-js endpoint | EPSS 0.3%
CVE-2024-2090 | MEDIUM | Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Server-Side Request Forgery | EPSS 0.3%
CVE-2023-7073 | MEDIUM | Auto Featured Image (Auto Post Thumbnail) <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery | EPSS 0.3%
CVE-2026-41481 | MEDIUM | LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass | EPSS 0.3%
CVE-2025-68696 | HIGH | httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage | EPSS 0.3%
CVE-2026-5205 | MEDIUM | chatwoot Webhook API trigger.rb Trigger server-side request forgery | EPSS 0.3%
CVE-2025-62155 | HIGH | QuantumNous New API Has SSRF Bypass | EPSS 0.3%
CVE-2026-2290 | LOW | Post Affiliate Pro <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field | EPSS 0.3%
CVE-2026-3881 | MEDIUM | Performance Monitor <= 1.0.6 - Unauthenticated Blind SSRF | EPSS 0.3%
CVE-2026-42339 | HIGH | New API: SSRF Filter Bypass via 0.0.0.0 | EPSS 0.3%
CVE-2026-6573 | MEDIUM | PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery | EPSS 0.3%
CVE-2026-21885 | MEDIUM | Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources | EPSS 0.3%
CVE-2026-32301 | CRITICAL | Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL | EPSS 0.3%
CVE-2026-34881 | MEDIUM | OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, | EPSS 0.3%
CVE-2026-45548 | HIGH | Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation | EPSS 0.3%