CWE-918 vulnerabilities

2202 results
CVE-2024-12801 | LOW | SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks | EPSS 0.2%
CVE-2026-22772 | MEDIUM | Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass | EPSS 0.2%
CVE-2024-48346 | MEDIUM | xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/upload path. The vulnerability is triggered t | EPSS 0.2%
CVE-2026-56026 | MEDIUM | WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2026-55455 | MEDIUM | Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist | EPSS 0.2%
CVE-2025-59146 | HIGH | New API has Authenticated Server-Side Request Forgery (SSRF) issue | EPSS 0.2%
CVE-2025-14912 | MEDIUM | IBM InfoSphere Information Server is vulnerable to server-side request forgery | EPSS 0.2%
CVE-2025-53241 | MEDIUM | WordPress Simplified plugin <= 1.0.11 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2025-15373 | MEDIUM | EyouCMS function.php saveRemote server-side request forgery | EPSS 0.2%
CVE-2026-54514 | MEDIUM | jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF) | EPSS 0.2%
CVE-2026-44428 | LOW | MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience | EPSS 0.2%
CVE-2026-6616 | MEDIUM | TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery | EPSS 0.2%
CVE-2025-13588 | MEDIUM | lKinderBueno Streamity Xtream IPTV Player proxy.php server-side request forgery | EPSS 0.2%
CVE-2026-30953 | HIGH | LinkAce affected by SSRF via link creation: NoPrivateIpRule not applied to LinkStoreRequest | EPSS 0.2%
CVE-2026-45561 | MEDIUM | Roxy-WI: SSRF in /smon/agent/<endpoint>/<server_ip> reachable to cloud metadata IPs | EPSS 0.2%
CVE-2025-11536 | MEDIUM | Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery | EPSS 0.2%
CVE-2026-49979 | MEDIUM | Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter | EPSS 0.2%
CVE-2026-6220 | MEDIUM | HummerRisk Video File Download URL ServerService.java ServerService.addServer server-side request forgery | EPSS 0.2%
CVE-2026-41914 | MEDIUM | OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths | EPSS 0.2%
CVE-2026-5417 | MEDIUM | Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery | EPSS 0.2%