VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base
Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
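The point of the description is that the check must be on where the request actually goes, not on the string the caller supplied. The Python below is an added illustration, not code from the CWE entry or from any project listed on this page: it puts a case-sensitive string deny-list (the filter style that several mapped CVEs on this page are bypassed through) next to a check that resolves the host and validates every returned address, unwrapping IPv4-mapped IPv6 and treating multicast and link-local as forbidden. The regex, hostnames and the offline DNS table are constructed for the example; the scheme allow-list and the decision to refuse userinfo are design choices, not requirements from the CWE text.

```python
import ipaddress
import re
import socket
from typing import Callable, List, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# --- Weak check: case-sensitive string deny-list on the literal host ---------
# Constructed to mirror the filter style the mapped CVEs describe as bypassable.
DENY_RE = re.compile(r"^(localhost|127\.0\.0\.1|10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+)$")


def weak_is_allowed(url: str) -> bool:
    """Compares only the raw netloc string. Lets through: 'LOCALHOST' (case),
    '[::ffff:127.0.0.1]' (IPv4-mapped IPv6), '224.0.0.1' (multicast) and any
    public hostname whose DNS answer points at an internal address."""
    return DENY_RE.match(urlsplit(url).netloc) is None


# --- Hardened check: validate the *resolved* addresses, not the string ------
def is_forbidden_address(ip: IPAddress) -> bool:
    """True for any address an outbound fetch must never reach."""
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:a.b.c.d -> a.b.c.d
    if mapped is not None:
        ip = mapped
    return (
        ip.is_private        # RFC 1918, fc00::/7, 0.0.0.0/8, test nets, ...
        or ip.is_loopback
        or ip.is_link_local  # 169.254.0.0/16, incl. cloud metadata endpoints
        or ip.is_multicast   # 224.0.0.0/4, missed by private-range-only lists
        or ip.is_reserved
        or ip.is_unspecified
    )


def resolve_all(host: str) -> List[IPAddress]:
    """Every A/AAAA answer for host. An attacker-controlled name may return a
    mix of public and internal addresses, so all of them are checked."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def safe_fetch_target(url: str,
                      resolver: Callable[[str], List[IPAddress]] = resolve_all
                      ) -> List[IPAddress]:
    """Return the addresses the caller may connect to for url, or raise
    ValueError. Connect to one of *these* addresses (pin them) rather than
    letting the HTTP client re-resolve, which reopens a DNS-rebinding window."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        raise ValueError("scheme not allowed: %r" % parts.scheme)
    host = parts.hostname  # lower-cased; brackets stripped from IPv6 literals
    if not host:
        raise ValueError("missing host")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL not allowed")
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP in any form ipaddress accepts
    except ValueError:
        # Hostname, or a decimal/hex form the OS resolver may parse as an IP:
        # either way the check runs on what it resolves to.
        addrs = resolver(host)
    if not addrs:
        raise ValueError("host does not resolve")
    bad = [str(a) for a in addrs if is_forbidden_address(a)]
    if bad:
        raise ValueError("resolves to forbidden address(es): %s" % ", ".join(bad))
    return addrs


def is_safe_fetch_url(url: str, resolver=resolve_all) -> bool:
    try:
        safe_fetch_target(url, resolver)
        return True
    except ValueError:
        return False


# Constructed offline resolver so the example runs without network access.
_FAKE_DNS = {
    "api.example.com": ["8.8.8.8"],             # stands in for a public address
    "localhost": ["127.0.0.1"],
    "rebind.example": ["8.8.8.8", "10.0.0.5"],  # mixed public/internal answers
}


def fake_resolver(host: str) -> List[IPAddress]:
    return [ipaddress.ip_address(a) for a in _FAKE_DNS.get(host, [])]


if __name__ == "__main__":
    for u in ["http://LOCALHOST/", "http://[::ffff:127.0.0.1]/", "http://224.0.0.1/",
              "http://rebind.example/", "http://169.254.169.254/latest/meta-data/",
              "https://api.example.com/hook"]:
        print(f"{u:45} weak={weak_is_allowed(u)!s:5} hardened={is_safe_fetch_url(u, fake_resolver)}")
```

Two caveats a practitioner would add on top of this: follow redirects only if each hop is re-validated the same way (or disable them), and where the feature can live with it, replace the deny-list with an allow-list of expected hosts, which is what the description's "expected destination" wording points at.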

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 10 of 80
  • CVE-2026-42596 · Critical · May 14, 2026
    risk 0.54 · CVSS 9.4 · EPSS 0.00

    Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such…

  • CVE-2026-42313 · High · May 11, 2026
    risk 0.54 · CVSS 8.3 · EPSS 0.00

    pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist…

  • CVE-2026-41271 · High · Apr 23, 2026
    risk 0.54 · CVSS 8.3 · EPSS 0.00

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make…

  • CVE-2026-1313 · High · Mar 21, 2026
    risk 0.54 · CVSS 8.3 · EPSS 0.00

    The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when the "Show file size" option is…

  • CVE-2024-8099 · High · Mar 20, 2025
    risk 0.54 · CVSS 8.3 · EPSS 0.00

    A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability by submitting crafted SQL queries that leverage DuckDB's default features, such as `read_csv`,…

  • CVE-2024-2663 · High · Apr 30, 2024
    risk 0.54 · CVSS 8.3 · EPSS 0.00

    The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating…

  • CVE-2024-22262 · High · Apr 16, 2024
    risk 0.54 · CVSS 8.1 · EPSS 0.01

    Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to a…

  • CVE-2023-46729 · Critical · Nov 10, 2023
    risk 0.54 · CVSS 9.3 · EPSS 0.01

    sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled.…

  • CVE-2023-46229 · High · Oct 19, 2023
    risk 0.54 · CVSS 8.8 · EPSS 0.45

    LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

  • CVE-2018-1000055 · High · Feb 9, 2018
    risk 0.54 · CVSS 8.3 · EPSS 0.01

    Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service…

  • CVE-2018-1000054 · High · Feb 9, 2018
    risk 0.54 · CVSS 8.3 · EPSS 0.01

    Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

  • CVE-2026-50888 · High · Jun 15, 2026
    risk 0.53 · CVSS 8.1 · EPSS 0.00

    An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL.

  • CVE-2026-45503 · High · Jun 9, 2026
    risk 0.53 · CVSS 8.1 · EPSS 0.00

    Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

  • CVE-2026-44971 · High · May 27, 2026
    risk 0.53 · CVSS 8.2 · EPSS 0.00

    GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request.…

  • CVE-2026-9312 · High · May 27, 2026
    risk 0.53 · CVSS 8.2 · EPSS 0.07

    A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input validation in an upload endpoint. By injecting path traversal…

  • CVE-2026-42591 · High · May 14, 2026
    risk 0.53 · CVSS 8.2 · EPSS 0.00

    Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libreoffice/convert) passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on…

  • CVE-2026-43929 · High · May 12, 2026
    risk 0.53 · CVSS 8.2 · EPSS 0.00

    ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address (e.g. http://[::ffff:127.0.0.1]/). The…

  • CVE-2026-41105 · High · May 7, 2026
    risk 0.53 · CVSS 8.1 · EPSS 0.01

    Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-27739 · Critical · Feb 25, 2026
    risk 0.53 · CVSS not listed · EPSS 0.01

    Angular SSR is a server-side rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because…

  • CVE-2025-8020 · High · Jul 23, 2025
    risk 0.53 · CVSS 8.2 · EPSS 0.00

    All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the package's source code.