Falhas do tipo CWE-918
2.202 resultadosCVE-2023-31456MEDIUMThere is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitEPSS 0.2%CVE-2026-3733MEDIUMxuxueli xxl-job JobInfoController.java server-side request forgeryEPSS 0.2%CVE-2026-34526MEDIUMSillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6EPSS 0.2%CVE-2024-13940MEDIUMNinja Forms Webhooks <= 3.0.7 - Authenticated (Admin+) Server-Side Request Forgery via Form WebhookEPSS 0.2%CVE-2026-10586HIGHGutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request ForgeryEPSS 0.2%CVE-2026-42345HIGHFastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dotEPSS 0.2%CVE-2026-35548HIGHAn issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flEPSS 0.2%CVE-2026-31943HIGHLibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIPEPSS 0.2%CVE-2024-13845MEDIUMGravity Forms WebHooks <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via WebhookEPSS 0.2%CVE-2026-35461MEDIUMPapra has a Blind Server-Side Request Forgery (SSRF) via Webhook URLEPSS 0.2%CVE-2024-49336MEDIUMIBM Security Guardium server-side request forgeryEPSS 0.2%CVE-2026-27706HIGHPlane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" FeatureEPSS 0.2%CVE-2025-47484MEDIUMWordPress Display Remote Posts Block plugin <= 1.1.0 - Server Side Request Forgery (SSRF) VulnerabilityEPSS 0.2%CVE-2025-28094MEDIUMshopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.EPSS 0.2%CVE-2026-11546HIGHIBM WebSphere Application Server Liberty is affected by a server-side request forgery vulnerabilityEPSS 0.2%CVE-2026-21887HIGHOpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion FeatureEPSS 0.2%CVE-2026-3189LOWfeiyuchuixue sz-boot-parent download server-side request forgeryEPSS 0.2%CVE-2024-52579MEDIUMServer-Side Request Forgery vulnerability in various APIs in MisskeyEPSS 0.2%CVE-2026-53859MEDIUMOpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot InconsistencyEPSS 0.2%CVE-2024-38730MEDIUMWordPress Magical Addons For Elementor plugin <= 1.1.41 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.2%