Falhas do tipo CWE-918
2.198 resultadosCVE-2025-50234MEDIUMMCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter isEPSS 0.2%CVE-2022-3841HIGHRHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoinEPSS 0.2%CVE-2025-49430HIGHWordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2026-43993HIGHJunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service accessEPSS 0.2%CVE-2026-24902HIGHTrustTunnel has SSRF and private network restriction bypass via numeric address destinationsEPSS 0.2%CVE-2025-32691MEDIUMWordPress PowerPress Podcasting plugin <= 11.12.6 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2025-47936LOWTYPO3 Vulnerable to Server Side Request Forgery via WebhooksEPSS 0.2%CVE-2026-46698MEDIUMFediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX actionEPSS 0.2%CVE-2026-1356MEDIUMConverter for Media – Optimize images | Convert WebP & AVIF <= 6.5.1 - Unauthenticated Server-Side Request Forgery via srcEPSS 0.2%CVE-2026-57940LOWHTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in sysEPSS 0.2%CVE-2026-49120MEDIUMMedplum < 5.1.14 SSRF via FHIR Subscription EndpointEPSS 0.2%CVE-2026-12210MEDIUMuniversal-tool-calling-protocol python-utcp utcp-gql/utcp-websocket server-side request forgeryEPSS 0.2%CVE-2026-40072LOWweb3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handlingEPSS 0.2%CVE-2026-4366MEDIUMKeycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloakEPSS 0.2%CVE-2026-44286LOWFastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address ValidationEPSS 0.2%CVE-2025-13174MEDIUMrachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgeryEPSS 0.2%CVE-2026-5803MEDIUMbigsk1 openai-realtime-ui API Proxy Endpoint server.js server-side request forgeryEPSS 0.2%CVE-2026-10662MEDIUMahujasid blender-mcp ZIP File server.py requests.get server-side request forgeryEPSS 0.2%CVE-2026-34225MEDIUMOpen WebUI has Blind Server Side Request Forgery in its Image Edit FunctionalityEPSS 0.2%CVE-2026-13540MEDIUMGitBucket RepositoryCreationService.scala Git.cloneRepository.setURI server-side request forgeryEPSS 0.2%