Falhas do tipo CWE-918
2.204 resultadosCVE-2025-60181MEDIUMWordPress Silencesoft RSS Reader Plugin <= 0.6 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2025-11970MEDIUMEmplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated <= 1.0.9 - Authenticated (Admin+) Server-Side Request ForgeryEPSS 0.2%CVE-2026-42188LOWGeyser: Server-Side Request Forgery (SSRF) via Player Head Texture URLEPSS 0.2%CVE-2026-41488LOWangchain-openai: Image token counting SSRF protection can be bypassed via DNS rebindingEPSS 0.2%CVE-2026-31974LOWBlind SSRF on OpenProject instance via webhooksEPSS 0.2%CVE-2026-56227MEDIUMCapgo - Server-Side Request Forgery via Webhook URL ValidationEPSS 0.2%CVE-2025-61916HIGHSpinnaker vulnerable to SSRF due to improper restrictions on http from user inputEPSS 0.2%CVE-2025-68500MEDIUMWordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2025-58203MEDIUMWordPress Solace Extra Plugin <= 1.3.2 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2026-7890LOWConcrete CMS 9.5.0 is vulnerable to SSRF via RSS Displayer BlockEPSS 0.2%CVE-2026-32349MEDIUMWordPress Embed PDF Viewer plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2026-2948MEDIUMGutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery via 'imageUrl'EPSS 0.2%CVE-2026-45660MEDIUMStatamic: Server-Side Request Forgery via GlideEPSS 0.2%CVE-2025-7622MEDIUMDuring an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access EPSS 0.2%CVE-2025-59138MEDIUMWordPress Genemy theme <= 1.6.6 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%CVE-2026-42140MEDIUMServer-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameterEPSS 0.2%CVE-2026-24242HIGHNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit ofEPSS 0.1%CVE-2026-50221MEDIUMIn OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-HosEPSS 0.1%CVE-2026-10546HIGHDNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL ComponentEPSS 0.1%CVE-2026-39521MEDIUMWordPress Nelio Content plugin <= 4.3.1 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.1%