VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base
Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 27 of 80
  • CVE-2025-9960 | Medium | Sep 22, 2025
    risk 0.45 | cvss | epss 0.00

    A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF). This issue affects is-localhost-ip: 2.0.0.

  • CVE-2025-9269 | Medium | Sep 9, 2025
    risk 0.45 | cvss | epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful…

  • CVE-2025-34051 | Medium | Jul 1, 2025
    risk 0.45 | cvss | epss 0.01

    A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make…

  • CVE-2024-10206 | Medium | Mar 25, 2025
    risk 0.45 | cvss | epss 0.00

    A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs.

  • CVE-2025-25303 | Medium | Mar 3, 2025
    risk 0.45 | cvss | epss 0.00

    The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. The MouseTooltipTranslator browser extension is vulnerable to SSRF attacks. The pdf.mjs script uses the URL parameter from the current URL as the file to download and display to the…

  • CVE-2024-6587 | High | Sep 13, 2024
    risk 0.45 | cvss 7.5 | epss 0.37

    A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified…

  • CVE-2017-9506 | Medium | Aug 23, 2017
    risk 0.45 | cvss 6.1 | epss 0.72

    The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).

  • CVE-2026-40500 | Medium | Apr 15, 2026
    risk 0.44 | cvss 6.8 | epss 0.00

    ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue…

  • CVE-2025-8084 | Medium | Nov 18, 2025
    risk 0.44 | cvss 6.8 | epss 0.00

    The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests…

  • CVE-2025-11674 | Medium | Oct 13, 2025
    risk 0.44 | cvss 6.8 | epss 0.00

    SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information.

  • CVE-2025-9975 | Medium | Oct 11, 2025
    risk 0.44 | cvss 6.8 | epss 0.00

    The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.8.1 via the wp_scraper_extract_content function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web…

  • CVE-2025-32675 | Medium | Apr 9, 2025
    risk 0.44 | cvss 6.8 | epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help seo-help allows Server Side Request Forgery. This issue affects SEO Help: from n/a through <= 6.7.9.

  • CVE-2023-26366 | Medium | Oct 13, 2023
    risk 0.44 | cvss 6.8 | epss 0.01

    Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker…

  • CVE-2022-36376 | Medium | Sep 9, 2022
    risk 0.44 | cvss 6.8 | epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.

  • CVE-2026-47684 | High | Jun 16, 2026
    risk 0.43 | cvss 7.7 | epss 0.00

    Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1), allowing SSRF…

  • CVE-2026-46717 | High | Jun 12, 2026
    risk 0.43 | cvss 7.7 | epss 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin (Role==0) and RoleMember (Role==1). The notification routes POST /api/v1/notification…

  • CVE-2026-47260 | High | Jun 12, 2026
    risk 0.43 | cvss 7.7 | epss 0.00

    Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode values extracted from the RSS XML are stored directly into…

  • CVE-2026-53812 | High | Jun 11, 2026
    risk 0.43 | cvss 7.7 | epss 0.00

    OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via…

  • CVE-2026-47170 | High | Jun 11, 2026
    risk 0.43 | cvss 7.7 | epss 0.00

    Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This…

  • CVE-2026-10107 | High | May 29, 2026
    risk 0.43 | cvss 7.7 | epss 0.00

    MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resource_token cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal…