CWE-918 vulnerabilities

2,180 results
CVE-2024-26476 | LOW | An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq | EPSS 0.4%
CVE-2024-28435 | MEDIUM | The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. | EPSS 0.4%
CVE-2025-7787 | MEDIUM | Xuxueli xxl-job SampleXxlJob.java httpJobHandler server-side request forgery | EPSS 0.4%
CVE-2024-23654 | MEDIUM | discourse-ai admin-initiated SSRF when interacting with AI services | EPSS 0.4%
CVE-2024-53696 | MEDIUM | QuLog Center | EPSS 0.4%
CVE-2025-10764 | MEDIUM | SeriaWei ZKEACMS Event Action System PendingTaskController.cs Edit server-side request forgery | EPSS 0.4%
CVE-2024-13195 | MEDIUM | donglight bookstore电商书城系统说明 HttpUtil.java getHtml server-side request forgery | EPSS 0.4%
CVE-2025-52477 | HIGH | Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow | EPSS 0.4%
CVE-2022-39055 | MEDIUM | Changing Information Technology Inc. RAVA certificate validation system - Server-Side Request Forgery (SSRF) | EPSS 0.4%
CVE-2026-42043 | HIGH | Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0 | EPSS 0.4%
CVE-2024-31993 | MEDIUM | Mealie vulnerable to a GET-based SSRF in recipe image importer (GHSL-2023-227) | EPSS 0.4%
CVE-2026-11437 | MEDIUM | perfree go-fastdfs-web Installation Endpoint checkServer server-side request forgery | EPSS 0.4%
CVE-2023-50733 | HIGH | A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices. | EPSS 0.4%
CVE-2025-25785 | CRITICAL | JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerabilit | EPSS 0.4%
CVE-2025-45872 | CRITICAL | zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter. | EPSS 0.4%
CVE-2026-32857 | HIGH | Firecrawl Playwright Service SSRF Protection Bypass via Missing Post-Redirect Validation | EPSS 0.4%
CVE-2024-54000 | HIGH | Mobile Security Framework (MobSF) bypass of SSRF fix | EPSS 0.4%
CVE-2026-34954 | HIGH | PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL | EPSS 0.4%
CVE-2025-28090 | CRITICAL | maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature. | EPSS 0.4%
CVE-2024-6522 | HIGH | Modern Events Calendar <= 7.12.1 - Authenticated (Subscriber+) Server Side Request Forgery | EPSS 0.4%