CWE-918 vulnerabilities

2,203 results
CVE-2026-33185 | MEDIUM | Discourse: Group SMTP test endpoint susceptible to SSRF | EPSS 0.2%
CVE-2026-57627 | MEDIUM | WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2025-25229 | MEDIUM | Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to | EPSS 0.2%
CVE-2025-2987 | LOW | IBM Maximo Asset Management server-side request forgery | EPSS 0.2%
CVE-2025-36037 | MEDIUM | IBM webMethods Integration server-side request forgery | EPSS 0.2%
CVE-2025-22672 | MEDIUM | WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.2 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2025-30964 | MEDIUM | WordPress Photography theme < 7.7.6 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2026-29049 | MEDIUM | melange: unbounded HTTP download in `melange update-cache` can exhaust disk in CI | EPSS 0.2%
CVE-2026-41689 | MEDIUM | Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services | EPSS 0.2%
CVE-2026-7325 | HIGH | Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain a | EPSS 0.2%
CVE-2025-55007 | LOW | Knowage vulnerable to server-side request forgery | EPSS 0.2%
CVE-2026-46561 | MEDIUM | pyLoad: SSRF via HTTP Redirect Bypass in parse_urls API | EPSS 0.2%
CVE-2026-46548 | MEDIUM | NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams) | EPSS 0.2%
CVE-2025-67989 | MEDIUM | WordPress Kerge theme <= 4.1.3 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2026-32357 | MEDIUM | WordPress Simple Blog Card plugin <= 2.37 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2025-67427 | MEDIUM | A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to | EPSS 0.2%
CVE-2025-62088 | MEDIUM | WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2025-46511 | MEDIUM | WordPress BeerXML Shortcode plugin <= 0.7.1 - Server Side Request Forgery (SSRF) Vulnerability | EPSS 0.2%
CVE-2026-48153 | HIGH | Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata | EPSS 0.2%
CVE-2025-47700 | LOW | AI plugin APIs can be triggered using post actions | EPSS 0.2%