VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 2 of 80
  • CVE-2026-44335 · Critical · May 8, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32.

  • CVE-2026-8034 · Critical · May 7, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname…

  • CVE-2026-2286 · Critical · Mar 30, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.

  • CVE-2025-11242 · Critical · Feb 10, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery. This issue affects Okulistik: through 21102025.

  • CVE-2023-53899 · Critical · Dec 16, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode…

  • CVE-2023-46295 · Critical · May 1, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can occur in the web server. An attacker can exploit this by sending a POST request to the vulnerable PHP page. An attacker can elevate to root permissions with Sudo.

  • CVE-2023-1725 · Critical · Mar 30, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery. This issue affects Project Management System: before 4.09.31.125.

  • CVE-2018-14514 · Critical · Jul 23, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.

  • CVE-2018-0403 · Critical · Jul 18, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040.

  • CVE-2018-0399 · Critical · Jul 18, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.

  • CVE-2018-0398 · Critical · Jul 18, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018.

  • CVE-2018-11031 · Critical · May 14, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.

  • CVE-2018-9919 · Critical · May 2, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.05

    A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDo…

  • CVE-2018-8939 · Critical · May 1, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold…

  • CVE-2017-14323 · Critical · Apr 10, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.04

    SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.

  • CVE-2017-16614 · Critical · Mar 30, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter.

  • CVE-2017-1000237 · Critical · Nov 17, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.

  • CVE-2017-0889 · Critical · Nov 13, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.

  • CVE-2017-9458 · Critical · Sep 7, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a…

  • CVE-2018-9302 · Critical · May 2, 2018
    risk 0.63 · CVSS 9.1 · EPSS 0.11

    SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for…