CWE-918 flaws

2,203 results
CVE-2026-4215 | MEDIUM | FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery | EPSS 0.2%
CVE-2026-6617 | MEDIUM | langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery | EPSS 0.2%
CVE-2026-12813 | MEDIUM | activepieces File URL file.ts handleUrlFile server-side request forgery | EPSS 0.2%
CVE-2026-54401 | HIGH | A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges wi | EPSS 0.2%
CVE-2026-24048 | LOW | Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow` | EPSS 0.2%
CVE-2025-4655 | MEDIUM | SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 | EPSS 0.2%
CVE-2026-5259 | MEDIUM | AutohomeCorp frostmourne Alarm Preview AlarmController.java server-side request forgery | EPSS 0.2%
CVE-2026-47076 | MEDIUM | SSRF allowlist bypass via percent-encoded host in hackney | EPSS 0.2%
CVE-2026-2558 | MEDIUM | GeekAI net_handler.go Download server-side request forgery | EPSS 0.2%
CVE-2026-0688 | MEDIUM | Webmention <= 5.6.2 - Authenticated (Subscriber+) Server-Side Request Forgery | EPSS 0.2%
CVE-2026-10581 | MEDIUM | DedeCMS download.php base64_decode server-side request forgery | EPSS 0.2%
CVE-2026-3958 | MEDIUM | Woahai321 ListSync JSON api_server.py requests.post server-side request forgery | EPSS 0.2%
CVE-2026-7150 | MEDIUM | dh1011 auto-favicon MCP Tool server.py generate_favicon_from_url server-side request forgery | EPSS 0.2%
CVE-2026-4308 | MEDIUM | frdel/agent0ai agent-zero document_query.py handle_pdf_document server-side request forgery | EPSS 0.2%
CVE-2026-6744 | MEDIUM | Bagisto Downloadable Link copy server-side request forgery | EPSS 0.2%
CVE-2025-68458 | LOW | webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior | EPSS 0.2%
CVE-2025-68157 | LOW | webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects | EPSS 0.2%
CVE-2025-48962 | MEDIUM | Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39 | EPSS 0.2%
CVE-2026-22805 | LOW | Metabase channel test endpoint can reach internal local addresses | EPSS 0.2%
CVE-2026-7253 | MEDIUM | IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway | EPSS 0.2%