CWE-918 flaws

2196 results
CVE-2026-42597 [MEDIUM] Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme (EPSS 0.3%)
CVE-2026-6812 [MEDIUM] Ona <= 1.26 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'download_link' Parameter (EPSS 0.3%)
CVE-2024-46413 [MEDIUM] Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RB (EPSS 0.3%)
CVE-2026-2945 [MEDIUM] JeecgBoot uploadImgByHttp server-side request forgery (EPSS 0.3%)
CVE-2026-10107 [HIGH] MoviePilot v2 SSRF via /api/v1/system/img/{proxy} Endpoint (EPSS 0.3%)
CVE-2024-25181 [CRITICAL] A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary fil (EPSS 0.3%)
CVE-2024-55399 [MEDIUM] 4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF). (EPSS 0.3%)
CVE-2024-38723 [MEDIUM] WordPress Get Use APIs – JSON Content Importer plugin <= 1.5.6 - Server Side Request Forgery (SSRF) vulnerability (EPSS 0.3%)
CVE-2026-31945 [HIGH] LibreChat Server-Side Request Forgery using DNS resolution (EPSS 0.2%)
CVE-2020-14327 A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower s (EPSS 0.2%)
CVE-2026-38527 [HIGH] A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan interna (EPSS 0.2%)
CVE-2025-13378 [MEDIUM] AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter (EPSS 0.2%)
CVE-2026-46683 [MEDIUM] Snappy: SSRF and local file read via the xsl-style-sheet option (EPSS 0.2%)
CVE-2026-33619 [MEDIUM] PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl (EPSS 0.2%)
CVE-2025-69239 [MEDIUM] Server-Site Request Forgery in Raytha CMS (EPSS 0.2%)
CVE-2024-34581 [HIGH] The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is (EPSS 0.2%)
CVE-2025-47548 [MEDIUM] WordPress Wbcom Designs - Activity Link Preview For BuddyPress plugin <= 1.4.4 - Server Side Request Forgery (SSRF) Vulnerability (EPSS 0.2%)
CVE-2026-50888 [HIGH] An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows a (EPSS 0.2%)
CVE-2026-48555 [MEDIUM] Spatie Laravel Media Library < 11.23.0 SSRF via addMediaFromUrl() (EPSS 0.2%)
CVE-2025-68030 [HIGH] WordPress Frontis Blocks plugin <= 1.1.5 - Server Side Request Forgery (SSRF) vulnerability (EPSS 0.2%)