Falhas do tipo CWE-918

2.194 resultados
CVE-2026-33294MEDIUMAVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network ResourcesEPSS 0.3%CVE-2026-35527MEDIUMIncus blind SSRF via image import preflight HEAD requestEPSS 0.3%CVE-2026-50189HIGHAppsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy RouteEPSS 0.3%CVE-2026-22048HIGHStorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use MicroEPSS 0.3%CVE-2026-48764HIGHTypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypassEPSS 0.3%CVE-2024-38728HIGHWordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2026-10276MEDIUMhekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgeryEPSS 0.3%CVE-2026-10241MEDIUMjeecgboot The server processes these URLs Cloud Instance Metadata Endpoint debug FileDownloadUtils.download2DiskFromNet server-side request forgeryEPSS 0.3%CVE-2026-46717HIGHNezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notificationEPSS 0.3%CVE-2024-53738MEDIUMWordPress Asset CleanUp: Page Speed Booster plugin <=1.3.9.8 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2021-47703MEDIUMOpenBMCS Server Side Request Forgery (SSRF) via /php/query.phpEPSS 0.3%CVE-2024-11836HIGHServer-side Request ForgeryEPSS 0.3%CVE-2026-10239MEDIUMJeecgBoot edit WordUtil.addImage server-side request forgeryEPSS 0.3%CVE-2024-30531MEDIUMWordPress Nelio Content plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2026-27477MEDIUMMastodon has SSRF via unvalidated FASP Provider base_urlEPSS 0.3%CVE-2025-36324MEDIUMVulnerabilities found in Watson Data IntelligenceEPSS 0.3%CVE-2026-10240MEDIUMJeecgBoot test server-side request forgeryEPSS 0.3%CVE-2026-35187HIGHpyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameterEPSS 0.3%CVE-2026-40150HIGHPraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl ToolEPSS 0.3%CVE-2025-10705MEDIUMMxChat – AI Chatbot for WordPress <= 2.4.6 - Unauthenticated Blind Server-Side Request ForgeryEPSS 0.3%