VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base
Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 26 of 80
  • CVE-2023-34370 | High | Mar 28, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates. This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from…

  • CVE-2024-0243 | High | Feb 26, 2024
    risk 0.46 | cvss 8.1 | epss 0.01

    With the following crawler configuration:

    ```python
    # RecursiveUrlLoader lives in langchain_community; this import is added here,
    # the advisory text as quoted omits it
    from langchain_community.document_loaders import RecursiveUrlLoader
    from bs4 import BeautifulSoup as Soup

    url = "https://example.com"
    loader = RecursiveUrlLoader(
        url=url,
        max_depth=2,
        extractor=lambda x: Soup(x, "html.parser").text,
    )
    docs = loader.load()
    ```

    An attacker in control of…

  • CVE-2023-41804 | High | Dec 7, 2023
    risk 0.46 | cvss 7.1 | epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates. This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4.

  • CVE-2023-23800 | High | Nov 13, 2023
    risk 0.46 | cvss 7.1 | epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate. This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6.

  • CVE-2023-46725 | High | Nov 2, 2023
    risk 0.46 | cvss 8.1 | epss 0.00

    FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a…

  • CVE-2023-46124 | High | Oct 25, 2023
    risk 0.46 | cvss 8.2 | epss 0.01

    Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing…

  • CVE-2023-37379 | High | Aug 23, 2023
    risk 0.46 | cvss 8.1 | epss 0.01

    Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by…

  • CVE-2022-1592 | High | May 5, 2022
    risk 0.46 | cvss 8.2 | epss 0.01

    Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...

  • CVE-2022-1213 | High | Apr 5, 2022
    risk 0.46 | cvss 8.1 | epss 0.01

    SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191

  • CVE-2017-3546 | Medium | Apr 24, 2017
    risk 0.46 | cvss 6.5 | epss 0.10

    Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access…

  • CVE-2026-54353 | High | Jun 22, 2026
    risk 0.45 | cvss - | epss 0.00

    Summary: Authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connection later performs a separate DNS…

  • CVE-2026-54018 | High | Jun 17, 2026
    risk 0.45 | cvss - | epss 0.00

    Summary: The SafePlaywrightURLLoader implements a validate_url function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on the initial URL. Since Playwright automatically follows HTTP redirects (301/302)…

  • CVE-2026-54299 | High | Jun 16, 2026
    risk 0.45 | cvss - | epss 0.00

    Summary: Astro SSR apps with prerendered error pages (`/404` or `/500` using `export const prerender = true`) fetch those pages over HTTP at runtime when an error occurs. The URL for this fetch is derived from `request.url`, which in turn gets its origin from the incoming…

  • CVE-2026-47719 | High | Jun 8, 2026
    risk 0.45 | cvss - | epss 0.00

    Summary: An unauthenticated attacker (Alice) connects to FUXA's Socket.IO endpoint and emits a `device-webapi-request` event whose `property.address` field names an arbitrary URL. FUXA's `DEVICE_WEBAPI_REQUEST` handler at `server/runtime/index.js:296` calls…

  • CVE-2026-47695 | High | May 29, 2026
    risk 0.45 | cvss - | epss 0.00

    Summary: CC-Tweaked's HTTP API (`http.request`, `http.websocket`) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses (`64:ff9b::/96`). An…

  • CVE-2026-44652 | Medium | May 29, 2026
    risk 0.45 | cvss - | epss 0.00

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params.url directly into fetch(url, ...). It…

  • CVE-2026-45741 | High | May 29, 2026
    risk 0.45 | cvss - | epss 0.00

    Summary: `IsPublicIP` in `pkg/gotenberg/outbound.go` incorrectly classifies IPv6 6to4 / NAT64 / deprecated site-local addresses as public IPs, allowing an unauthenticated attacker to reach internal destinations (e.g., cloud metadata services at `169.254.169.254`) via a…

  • CVE-2026-33626 | High | Apr 20, 2026
    risk 0.45 | cvss 7.5 | epss 0.45

    LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary…

  • CVE-2026-5131 | Medium | Apr 17, 2026
    risk 0.45 | cvss - | epss 0.00

    GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be…

  • CVE-2020-36884 | Medium | Dec 10, 2025
    risk 0.45 | cvss - | epss 0.01

    BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network…