CWE-918 vulnerabilities
2,204 results

CVE-2026-55599 | MEDIUM | phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access | EPSS 0.1%
CVE-2026-24360 | MEDIUM | WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.1%
CVE-2026-5323 | MEDIUM | priyankark a11y-mcp index.js A11yServer server-side request forgery | EPSS 0.1%
CVE-2026-24231 | MEDIUM | NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side | EPSS 0.1%
CVE-2026-41854 | MEDIUM | Spring Framework Server-Side Request Forgery via UriComponentsBuilder | EPSS 0.1%
CVE-2026-45366 | MEDIUM | typescript-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol | EPSS 0.1%
CVE-2026-53946 | MEDIUM | Ghost: Mobiledoc image-size fetch SSRF | EPSS 0.1%
CVE-2026-54430 | MEDIUM | Server-Site Request Forgery in liboauth2 | EPSS 0.1%
CVE-2025-49335 | MEDIUM | WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.1%
CVE-2025-68600 | MEDIUM | WordPress Link Library plugin <= 7.8.7 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.1%
CVE-2025-68893 | MEDIUM | WordPress WordPress Image shrinker plugin <= 1.1.0 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.1%
CVE-2026-13751 | MEDIUM | Snowflake CLI Server-Side Request Forgery via Arbitrary URL Fetch in !source/!load | EPSS 0.1%
CVE-2024-42182 | LOW | HCL BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability | EPSS 0.1%
CVE-2025-59436 | LOW | The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as | EPSS 0.1%
CVE-2025-59437 | LOW | The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally ro | EPSS 0.1%
CVE-2026-13316 | MEDIUM | Foreman: ssrf to cloud metada service through unvalidated test_url parameters in foreman config | EPSS 0.1%
CVE-2026-3588 | HIGH | Server-Side Request Forgery (SSRF) in ikea dirigera | EPSS 0.1%
CVE-2026-4339 | MEDIUM | SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server | EPSS 0.1%
CVE-2023-21105 | — | In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local | EPSS 0.1%
CVE-2026-44363 | MEDIUM | Unsafe remote resource fetching in expansion misp-modules | EPSS 0.1%