Flaws of type CWE-918

2,192 results
CVE-2023-32337 | MEDIUM | IBM Maximo Spatial Asset Management server-side request forgery | EPSS 0.3%
CVE-2026-27829 | MEDIUM | Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize | EPSS 0.3%
CVE-2025-52186 | MEDIUM | Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerability | EPSS 0.3%
CVE-2026-33321 | HIGH | OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF) | EPSS 0.3%
CVE-2026-40114 | HIGH | PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API | EPSS 0.3%
CVE-2026-43527 | MEDIUM | OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation | EPSS 0.3%
CVE-2025-27907 | MEDIUM | IBM WebSphere Application Server server-side request forgery | EPSS 0.3%
CVE-2025-13796 | MEDIUM | deco-cx apps Parameter analyticsScript.ts AnalyticsScript server-side request forgery | EPSS 0.3%
CVE-2025-14277 | MEDIUM | Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery | EPSS 0.3%
CVE-2026-35459 | CRITICAL | pyLoad has SSRF fix bypass via HTTP redirect | EPSS 0.3%
CVE-2024-13838 | MEDIUM | Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook | EPSS 0.3%
CVE-2026-7223 | MEDIUM | BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery | EPSS 0.3%
CVE-2026-4284 | MEDIUM | taoofagi easegen-admin PPT File PPTUtil.java downloadFile server-side request forgery | EPSS 0.3%
CVE-2026-4953 | MEDIUM | mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery | EPSS 0.3%
CVE-2026-10068 | MEDIUM | Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery | EPSS 0.3%
CVE-2026-32110 | HIGH | SiYuan has a Full-Read SSRF via /api/network/forwardProxy | EPSS 0.3%
CVE-2026-5346 | MEDIUM | huimeicloud hm_editor image-to-base64 Endpoint mcp-server.js client.get server-side request forgery | EPSS 0.3%
CVE-2026-32111 | MEDIUM | ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle | EPSS 0.3%
CVE-2025-62719 | LOW | LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality | EPSS 0.3%
CVE-2026-7147 | MEDIUM | JoeCastrom mcp-chat-studio LLM Models API llm.js server-side request forgery | EPSS 0.3%