Vulnerabilities of type CWE-918
2,196 results

CVE-2026-39361 | HIGH | OpenObserve has a SSRF Protection Bypass via IPv6 Bracket Notation in validate_enrichment_url | EPSS 0.3%
CVE-2025-53473 | MEDIUM | Server-side request forgery (SSRF) vulnerability exists in multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploite | EPSS 0.3%
CVE-2025-28092 | MEDIUM | ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function. | EPSS 0.3%
CVE-2026-25123 | MEDIUM | Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping | EPSS 0.3%
CVE-2025-1662 | MEDIUM | URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding | EPSS 0.3%
CVE-2025-64178 | HIGH | Jellysweep uses uncontrolled data in image cache API endpoint | EPSS 0.3%
CVE-2026-44285 | HIGH | FastGPT: SSRF Protection Bypass via `externalFile` in Dataset Preview API | EPSS 0.3%
CVE-2026-47260 | HIGH | Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs | EPSS 0.3%
CVE-2026-6111 | MEDIUM | FoundationAgents MetaGPT common.py decode_image server-side request forgery | EPSS 0.3%
CVE-2026-45061 | HIGH | Budibase: SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`) | EPSS 0.3%
CVE-2026-43979 | MEDIUM | Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`) | EPSS 0.3%
CVE-2024-41737 | MEDIUM | Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management) | EPSS 0.3%
CVE-2024-34711 | CRITICAL | GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) | EPSS 0.3%
CVE-2024-35633 | MEDIUM | WordPress Blocksy Companion plugin <= 2.0.42 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.3%
CVE-2026-43986 | CRITICAL | Tautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replay | EPSS 0.3%
CVE-2026-12798 | MEDIUM | BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery | EPSS 0.3%
CVE-2026-12774 | MEDIUM | BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery | EPSS 0.3%
CVE-2026-7084 | MEDIUM | HBAI-Ltd Toonflow-app getCodeByLink Endpoint getCodeByLink.ts fetch server-side request forgery | EPSS 0.3%
CVE-2026-56348 | MEDIUM | n8n - Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint | EPSS 0.3%
CVE-2025-48383 | HIGH | Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking | EPSS 0.3%