VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 11 of 80
  • CVE-2025-3192 · High · Apr 4, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories.

  • CVE-2025-2691 · High · Mar 23, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.

  • CVE-2024-54385 · High · Dec 16, 2024
    risk 0.53 · cvss 7.2 · epss 0.05

    Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery. This issue affects Radio Player: from n/a through <= 2.0.83.

  • CVE-2024-54330 · High · Dec 13, 2024
    risk 0.53 · cvss 7.2 · epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in hurraki Hurrakify hurrakify allows Server Side Request Forgery. This issue affects Hurrakify: from n/a through <= 2.4.

  • CVE-2024-36427 · High · May 29, 2024
    risk 0.53 · cvss 8.1 · epss 0.01

    The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – June) allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file.

  • CVE-2023-46784 · High · May 17, 2024
    risk 0.53 · cvss 8.2 · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') and Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal and Server Side Request Forgery. This issue affects ICS…

  • CVE-2022-40700 · High · Jan 19, 2024
    risk 0.53 · cvss 8.2 · epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP –…

  • CVE-2020-7740 · High · Oct 6, 2020
    risk 0.53 · cvss 8.2 · epss 0.02

    This affects all versions of package node-pdf-generator. Due to a lack of validation and sanitization of the user input passed to node-pdf-generator, an attacker can craft a URL that is forwarded to an external server, allowing an SSRF attack.

  • CVE-2020-7739 · High · Oct 6, 2020
    risk 0.53 · cvss 8.2 · epss 0.01

    This affects all versions of package phantomjs-seo. An attacker can craft a URL that is passed to a PhantomJS instance, allowing an SSRF attack.

  • CVE-2020-8134 · High · Mar 20, 2020
    risk 0.53 · cvss 8.1 · epss 0.01

    Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan the local or external network or otherwise interact with internal systems.

  • CVE-2018-5006 · High · Jul 20, 2018
    risk 0.53 · cvss 7.5 · epss 0.54

    Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2017-16870 · High · Nov 17, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary.

  • CVE-2017-9355 · High · Jun 7, 2017
    risk 0.53 · cvss 7.4 · epss 0.27

    XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.

  • CVE-2026-54157 · Critical · Jun 16, 2026
    risk 0.52 · cvss · epss 0.02

    Unauthenticated SSRF in /webapi/proxy allows anyone to proxy requests and inject cookies on lobehub.com. Summary: The `/webapi/proxy` endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. This is the same proxy…

  • CVE-2026-44313 · Critical · May 9, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP…

  • CVE-2026-44694 · Critical · May 8, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API…

  • CVE-2025-50228 · Critical · Apr 9, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules.

  • CVE-2026-35459 · Critical · Apr 6, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, pyLoad has a server-side request forgery (SSRF) vulnerability. The fix for CVE-2026-33992 added IP validation to BaseDownloader.download() that checks the hostname of the initial…

  • CVE-2026-28798 · Critical · Apr 3, 2026
    risk 0.52 · cvss 9.0 · epss 0.00

    ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint (/v1/sys/proxy) exposed by ZimaOS's web interface can be abused (via an externally reachable domain using a Cloudflare Tunnel) to make requests…

  • CVE-2026-33990 · Critical · Apr 1, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the…