VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base, Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children: none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 15 of 80
  • CVE-2026-42281 | Severity: High | May 14, 2026
    risk 0.49 | cvss 8.6 | epss 0.02

    MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal…

  • CVE-2026-6514 | Severity: High | May 14, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popup_submit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application…

  • CVE-2026-44578 | Severity: High | May 13, 2026
    risk 0.49 | cvss 8.6 | epss 0.39

    Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker…

  • CVE-2026-42352 | Severity: High | May 8, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to make requests to internal HTTP services. This issue has been patched in version 0.23.3.

  • CVE-2026-44116 | Severity: High | May 6, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API,…

  • CVE-2026-41055 | Severity: High | Apr 21, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects…

  • CVE-2026-31317 | Severity: High | Apr 17, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file.

  • CVE-2026-34160 | Severity: High | Apr 14, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter…

  • CVE-2026-33752 | Severity: High | Apr 6, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    curl_cffi is a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as…

  • CVE-2026-34577 | Severity: High | Apr 2, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /public/stream endpoint in PublicController accepts a user-supplied url query parameter and proxies the full HTTP response back to the caller. The only validation is url.endsWith('mp4'), which is…

  • CVE-2026-29954 | Severity: High | Mar 30, 2026
    risk 0.49 | cvss 7.6 | epss 0.00

    In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when…

  • CVE-2026-30637 | Severity: High | Mar 27, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote…

  • CVE-2026-22742 | Severity: High | Mar 27, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server…

  • CVE-2025-70027 | Severity: High | Mar 11, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information.

  • CVE-2026-3588 | Severity: High | Mar 9, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.

  • CVE-2026-24138 | Severity: High | Jan 23, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both…

  • CVE-2025-33203 | Severity: High | Nov 25, 2025
    risk 0.49 | cvss 7.6 | epss 0.00

    NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service.

  • CVE-2025-61488 | Severity: High | Oct 20, 2025
    risk 0.49 | cvss 7.6 | epss 0.00

    An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter.

  • CVE-2025-54925 | Severity: High | Aug 20, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.

  • CVE-2025-54924 | Severity: High | Aug 20, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.