Fallos del tipo CWE-918
2203 resultadosCVE-2026-7604MEDIUMJeecgBoot OpenApi Service OpenApiController.java OpenApiController.call server-side request forgeryEPSS 0.2%CVE-2026-7605MEDIUMJeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgeryEPSS 0.2%CVE-2026-42345HIGHFastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dotEPSS 0.2%CVE-2026-27706HIGHPlane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" FeatureEPSS 0.2%CVE-2024-13845MEDIUMGravity Forms WebHooks <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via WebhookEPSS 0.2%CVE-2026-31943HIGHLibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIPEPSS 0.2%CVE-2026-35548HIGHAn issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flEPSS 0.2%CVE-2024-13940MEDIUMNinja Forms Webhooks <= 3.0.7 - Authenticated (Admin+) Server-Side Request Forgery via Form WebhookEPSS 0.2%CVE-2024-49336MEDIUMIBM Security Guardium server-side request forgeryEPSS 0.2%CVE-2026-10586HIGHGutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request ForgeryEPSS 0.2%CVE-2026-34526MEDIUMSillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6EPSS 0.2%CVE-2026-35461MEDIUMPapra has a Blind Server-Side Request Forgery (SSRF) via Webhook URLEPSS 0.2%CVE-2026-21887HIGHOpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion FeatureEPSS 0.2%CVE-2025-28094MEDIUMshopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.EPSS 0.2%CVE-2026-11546HIGHIBM WebSphere Application Server Liberty is affected by a server-side request forgery vulnerabilityEPSS 0.2%CVE-2026-3189LOWfeiyuchuixue sz-boot-parent download server-side request forgeryEPSS 0.2%CVE-2025-47484MEDIUMWordPress Display Remote Posts Block plugin <= 1.1.0 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2024-52579MEDIUMServer-Side Request Forgery vulnerability in various APIs in MisskeyEPSS 0.2%CVE-2026-46417HIGHAngular: SSRF via Hostname Hijacking in @angular/platform-serverEPSS 0.2%CVE-2026-39368MEDIUMWWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal servicesEPSS 0.2%