Flaws of type CWE-918

2,198 results
CVE-2026-3681 | MEDIUM | welovemedia FFmate webhook.go fireWebhook server-side request forgery | EPSS 0.2%
CVE-2026-57303 | HIGH | Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers a | EPSS 0.2%
CVE-2026-42346 | MEDIUM | Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validation paths | EPSS 0.2%
CVE-2025-15414 | MEDIUM | go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery | EPSS 0.2%
CVE-2025-5817 | HIGH | Amazon Products to WooCommerce <= 1.2.7 - Unauthenticated Server-Side Request Forgery | EPSS 0.2%
CVE-2026-8320 | MEDIUM | jishenghua jshERP updatePlatformConfigByKey Endpoint UserService.java getUserByWeixinCode server-side request forgery | EPSS 0.2%
CVE-2025-42965 | MEDIUM | Server Side Request Forgery(SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application | EPSS 0.2%
CVE-2025-14116 | MEDIUM | xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery | EPSS 0.2%
CVE-2026-41302 | MEDIUM | OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download | EPSS 0.2%
CVE-2024-48107 | MEDIUM | SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or lo | EPSS 0.2%
CVE-2026-0649 | MEDIUM | invoiceninja Migration Import Import.php copy server-side request forgery | EPSS 0.2%
CVE-2025-11467 | MEDIUM | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery | EPSS 0.2%
CVE-2025-42988 | LOW | Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform | EPSS 0.2%
CVE-2026-39921 | MEDIUM | GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload | EPSS 0.2%
CVE-2024-38758 | MEDIUM | WordPress WappPress plugin <= 6.0.4 - Blind Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2026-2053 | HIGH | Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager | EPSS 0.2%
CVE-2025-13393 | MEDIUM | Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' | EPSS 0.2%
CVE-2026-22181 | MEDIUM | OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch | EPSS 0.2%
CVE-2024-12801 | LOW | SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks | EPSS 0.2%
CVE-2026-9006 | HIGH | IBM WebSphere Application Server is affected by server-side request forgery | EPSS 0.2%