CWE-918 vulnerabilities

2,198 results
CVE-2025-57984 | MEDIUM | WordPress MakeStories (for Google Web Stories) Plugin <= 3.0.4 - Server Side Request Forgery (SSRF) Vulnerability | EPSS 0.2%
CVE-2025-62612 | MEDIUM | FastGPT File Reading Node SSRF Vulnerability | EPSS 0.2%
CVE-2026-48146 | HIGH | Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection | EPSS 0.2%
CVE-2024-24028 | MEDIUM | Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar para | EPSS 0.2%
CVE-2025-22726 | MEDIUM | WordPress nK Themes Helper plugin <= 1.7.9 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2025-10056 | MEDIUM | Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery | EPSS 0.2%
CVE-2026-33644 | LOW | Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs | EPSS 0.2%
CVE-2025-31993 | LOW | HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF) | EPSS 0.2%
CVE-2026-56769 | MEDIUM | Huly Platform - Server-Side Request Forgery via /import Endpoint | EPSS 0.2%
CVE-2024-4219 | MEDIUM | SSRF In BeyondInsight | EPSS 0.2%
CVE-2025-28096 | MEDIUM | OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers. | EPSS 0.2%
CVE-2026-23768 | MEDIUM | lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListen | EPSS 0.2%
CVE-2026-42260 | HIGH | Open-WebSearch: SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname` | EPSS 0.2%
CVE-2026-8081 | MEDIUM | router-for-me CLIProxyAPI api_tools.go server-side request forgery | EPSS 0.2%
CVE-2026-41171 | HIGH | SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient | EPSS 0.2%
CVE-2026-41172 | HIGH | Squidex vulnerable to Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/apps/{app}/assets) | EPSS 0.2%
CVE-2026-7605 | MEDIUM | JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery | EPSS 0.2%
CVE-2026-7604 | MEDIUM | JeecgBoot OpenApi Service OpenApiController.java OpenApiController.call server-side request forgery | EPSS 0.2%
CVE-2026-7729 | MEDIUM | pixelsock directus-mcp MCP index.ts validateUrl server-side request forgery | EPSS 0.2%
CVE-2025-30997 | MEDIUM | WordPress Car Repair Services theme <= 5.0 - Server Side Request Forgery (SSRF) Vulnerability | EPSS 0.2%