CWE-918 vulnerabilities

2,203 results
CVE-2026-39368 | MEDIUM | WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services | EPSS 0.2%
CVE-2024-38730 | MEDIUM | WordPress Magical Addons For Elementor plugin <= 1.1.41 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2026-41912 | MEDIUM | OpenClaw < 2026.4.8 - Server-Side Request Forgery Policy Bypass via Interaction-Triggered Navigation | EPSS 0.2%
CVE-2026-53859 | MEDIUM | OpenClaw < 2026.5.26 - Hostname Validation Bypass via Trailing-Dot Inconsistency | EPSS 0.2%
CVE-2026-42181 | MEDIUM | Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image | EPSS 0.2%
CVE-2026-10690 | MEDIUM | wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery | EPSS 0.2%
CVE-2026-47170 | HIGH | Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint | EPSS 0.2%
CVE-2026-10177 | MEDIUM | Aider-AI Aider AWS EC2 Metadata Endpoint api_docs.py requests.get server-side request forgery | EPSS 0.2%
CVE-2026-36759 | MEDIUM | A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan | EPSS 0.2%
CVE-2026-10274 | MEDIUM | indrasishbanerjee aem-mcp-server Axios Request Flow mcp-server.ts getAssetMetadata server-side request forgery | EPSS 0.2%
CVE-2026-7305 | MEDIUM | Xuxueli xxl-job trigger Endpoint XxlJobServiceImpl.java triggerJob server-side request forgery | EPSS 0.2%
CVE-2026-41905 | HIGH | FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access | EPSS 0.2%
CVE-2024-45843 | LOW | Weak SSRF Filtering | EPSS 0.2%
CVE-2024-37208 | MEDIUM | WordPress WP Scraper plugin <= 5.7 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2025-60541 | HIGH | A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan in | EPSS 0.2%
CVE-2024-55089 | MEDIUM | Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may co | EPSS 0.2%
CVE-2026-4328 | MEDIUM | Advanced Import: One-Click Demo Import for WordPress <= 1.4.6 - Authenticated (Author+) Server-Side Request Forgery via 'demo_file' Parameter | EPSS 0.2%
CVE-2025-44043 | MEDIUM | Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/G | EPSS 0.2%
CVE-2025-12359 | MEDIUM | Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery | EPSS 0.2%
CVE-2026-33715 | HIGH | Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action | EPSS 0.2%