VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base | Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 13 of 80
  • CVE-2026-42965 | High | May 29, 2026
    risk 0.50 | cvss 7.7 | epss 0.00

    A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy…

  • CVE-2026-42184 | High | May 27, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme…

  • CVE-2026-39965 | High | May 22, 2026
    risk 0.50 | cvss 7.7 | epss 0.00

    TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl() to block private IPs and cloud metadata hostnames. However, the HTTP clients…

  • CVE-2026-45338 | High | May 15, 2026
    risk 0.50 | cvss 7.7 | epss 0.00

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url() in backend/open_webui/utils/oauth.py (line ~1338). The function fetches…

  • CVE-2026-42141 | High | May 12, 2026
    risk 0.50 | cvss 7.7 | epss 0.00

    Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make…

  • CVE-2026-43897 | High | May 11, 2026
    risk 0.50 | cvss n/a | epss 0.00

    Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1.

  • CVE-2026-35587 | High | Apr 21, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is used…

  • CVE-2026-40150 | High | Apr 9, 2026
    risk 0.50 | cvss 7.7 | epss 0.00

    PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are…

  • CVE-2026-29925 | High | Mar 30, 2026
    risk 0.50 | cvss 7.7 | epss 0.00

    Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php.

  • CVE-2026-23529 | High | Jan 16, 2026
    risk 0.50 | cvss 7.7 | epss 0.00

    Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud…

  • CVE-2025-34452 | High | Dec 18, 2025
    risk 0.50 | cvss n/a | epss 0.05

    Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the…

  • CVE-2025-62427 | High | Oct 16, 2025
    risk 0.50 | cvss n/a | epss 0.00

    The Angular SSR is a server-side rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side Rendering package (@angular/ssr) before 19.2.18, 20.3.6, and 21.0.0-next.8. The…

  • CVE-2025-54370 | High | Aug 25, 2025
    risk 0.50 | cvss n/a | epss 0.01

    PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method…

  • CVE-2024-43989 | High | Sep 23, 2024
    risk 0.50 | cvss 7.5 | epss 0.12

    Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid justified-image-grid. This issue affects Justified Image Grid: from n/a through <= 4.6.1.

  • CVE-2024-23500 | High | Mar 28, 2024
    risk 0.50 | cvss 7.7 | epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.19.

  • CVE-2023-39313 | High | Mar 28, 2024
    risk 0.50 | cvss 7.7 | epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1.

  • CVE-2023-44313 | High | Jan 31, 2024
    risk 0.50 | cvss 7.6 | epss 0.03

    Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version…

  • CVE-2022-45362 | High | Dec 7, 2023
    risk 0.50 | cvss 7.2 | epss 0.41

    Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway. This issue affects Paytm Payment Gateway: from n/a through 2.7.0.

  • CVE-2023-29008 | High | Apr 6, 2023
    risk 0.50 | cvss 8.8 | epss 0.00

    The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users.…

  • CVE-2023-22493 | High | Jan 13, 2023
    risk 0.50 | cvss 8.8 | epss 0.01

    RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this…