Falhas do tipo CWE-918

2.204 resultados
CVE-2026-39521MEDIUMWordPress Nelio Content plugin <= 4.3.1 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.1%CVE-2026-36756MEDIUMA Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan intEPSS 0.1%CVE-2025-22399HIGHDell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local accessEPSS 0.1%CVE-2022-29840MEDIUMServer Side Request Forgery Vulnerability in Western Digital My Cloud DevicesEPSS 0.1%CVE-2025-62988MEDIUMWordPress Slider Templates plugin <= 1.0.3 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.1%CVE-2026-42641MEDIUMWordPress Share This Image plugin <= 2.14 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.1%CVE-2026-22482MEDIUMWordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.1%CVE-2025-69014MEDIUMWordPress Youzify plugin <= 1.3.7 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.1%CVE-2025-29720MEDIUMDify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadEPSS 0.1%CVE-2026-24381MEDIUMWordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.1%CVE-2026-53945MEDIUMGhost: Server-side request forgery via DNS rebinding in external request handlingEPSS 0.1%CVE-2025-49877MEDIUMWordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.1%CVE-2026-3341MEDIUMIBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal ServicesEPSS 0.1%CVE-2026-39695MEDIUMWordPress Podigee plugin <= 1.4.0 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.1%CVE-2025-36243MEDIUMMultiple Vulnerabilities in IBM Concert Software.EPSS 0.1%CVE-2026-9557MEDIUMA Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs,EPSS 0.1%CVE-2025-58977MEDIUMWordPress WP eBay Product Feeds Plugin <= 3.4.8 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.1%CVE-2026-6333LOWSSRF via Host Header Spoofing in Custom Slash CommandsEPSS 0.1%CVE-2026-45619MEDIUMAVideo CVE-2026-43884 incomplete fix - `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD postEPSS 0.1%CVE-2024-30125MEDIUMHCL BigFix Compliance is affected by an internal server errorEPSS 0.1%