Fallos del tipo CWE-918
2203 resultadosCVE-2024-55089MEDIUMRhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may coEPSS 0.2%CVE-2026-33715HIGHChamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer actionEPSS 0.2%CVE-2025-60541HIGHA Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan inEPSS 0.2%CVE-2026-4328MEDIUMAdvanced Import: One-Click Demo Import for WordPress <= 1.4.6 - Authenticated (Author+) Server-Side Request Forgery via 'demo_file' ParameterEPSS 0.2%CVE-2025-12359MEDIUMResponsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request ForgeryEPSS 0.2%CVE-2025-44043MEDIUMKeyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/GEPSS 0.2%CVE-2026-45412MEDIUMMaxKB: Unauthenticated SSRF via Workflow Template ImportEPSS 0.2%CVE-2026-1015MEDIUMIBM InfoSphere Information Server is vulnerable to server-side request forgeryEPSS 0.2%CVE-2026-47382MEDIUMNocoDB: Server-Side Request Forgery via Database Connection HostEPSS 0.2%CVE-2026-54033HIGHLibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLsEPSS 0.2%CVE-2026-3966MEDIUM648540858 wvp-GB28181-pro IP Address ABLMediaNodeServerService.java getDownloadFilePath server-side request forgeryEPSS 0.2%CVE-2026-39370HIGHWWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)EPSS 0.2%CVE-2026-3683MEDIUMbufanyun HotGo Endpoint upload.go ImageTransferStorage server-side request forgeryEPSS 0.2%CVE-2026-4589MEDIUMkalcaddle kodbox fileGet Endpoint editor.class.php PathDriverUrl server-side request forgeryEPSS 0.2%CVE-2024-34580MEDIUMApache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection agaiEPSS 0.2%CVE-2026-32019LOWOpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF GuardEPSS 0.2%CVE-2026-5470MEDIUMmixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgeryEPSS 0.2%CVE-2026-6649MEDIUMQibo CMS headers server-side request forgeryEPSS 0.2%CVE-2026-42449HIGHn8n-MCP: IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embeddersEPSS 0.2%CVE-2026-7291MEDIUMo2oa URL Fetching FileAction.java FileAction server-side request forgeryEPSS 0.2%