CWE-918 vulnerabilities
2,192 results

CVE-2026-39845 | MEDIUM | Weblate: SSRF via the webhook add-on using unprotected fetch_url() | EPSS 0.3%
CVE-2025-60898 | MEDIUM | An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attac | EPSS 0.3%
CVE-2026-33540 | HIGH | Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm | EPSS 0.3%
CVE-2026-35516 | MEDIUM | LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection | EPSS 0.3%
CVE-2026-21433 | HIGH | Emlog vulnerable to Server-Side Request Forgery (SSRF) | EPSS 0.3%
CVE-2025-7813 | HIGH | Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery | EPSS 0.3%
CVE-2025-67743 | MEDIUM | Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service | EPSS 0.3%
CVE-2026-33953 | HIGH | LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce | EPSS 0.3%
CVE-2026-32096 | CRITICAL | Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns | EPSS 0.3%
CVE-2024-47190 | LOW | Northern.tech Hosted Mender before 2024.07.11 allows SSRF. | EPSS 0.3%
CVE-2026-6983 | MEDIUM | pagekit download server-side request forgery | EPSS 0.3%
CVE-2024-49822 | MEDIUM | IBM QRadar Advisor server-side request forgery | EPSS 0.3%
CVE-2026-42864 | CRITICAL | FireFighter: Unauthenticated SSRF in Raid jira_bot endpoint allows IAM credential theft | EPSS 0.3%
CVE-2026-33637 | NONE | Faraday: Protocol-relative URI objects still bypass host scoping (possible incomplete fix for GHSA-33mh-2634-fwr2) | EPSS 0.3%
CVE-2026-33675 | MEDIUM | Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources | EPSS 0.3%
CVE-2025-70027 | HIGH | An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to | EPSS 0.3%
CVE-2026-29178 | HIGH | Lemmy: Unauthenticated SSRF via file_type query parameter injection in image endpoint | EPSS 0.3%
CVE-2024-54197 | HIGH | Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview) | EPSS 0.3%
CVE-2026-3478 | HIGH | Content Syndication Toolkit <= 1.3 - Unauthenticated Server-Side Request Forgery via 'url' Parameter | EPSS 0.3%
CVE-2026-35527 | MEDIUM | Incus blind SSRF via image import preflight HEAD request | EPSS 0.3%