VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base
Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 3 of 80
  • CVE-2026-26135 (Critical, Apr 3, 2026)
    risk 0.62, CVSS 9.6, EPSS 0.01

    Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-60279 (Critical, Oct 17, 2025)
    risk 0.62, CVSS 9.6, EPSS 0.00

    A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal services via the API. An attacker can leverage this to enumerate open ports based on response discrepancies and…

  • CVE-2020-36851 (Critical, Sep 25, 2025)
    risk 0.62, CVSS not listed, EPSS 0.01

    Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local…

  • CVE-2018-2445 (Critical, Aug 14, 2018)
    risk 0.62, CVSS 9.6, EPSS 0.01

    AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.

  • CVE-2024-5021 (Critical, Jun 19, 2024)
    risk 0.61, CVSS 9.3, EPSS 0.00

    The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to…

  • CVE-2023-2249 (High, Jun 9, 2023)
    risk 0.61, CVSS 8.8, EPSS 0.61

    The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being…

  • CVE-2018-5752 (High, Jun 16, 2018)
    risk 0.61, CVSS 8.8, EPSS 0.08

    The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations…

  • CVE-2026-2264 (Critical, May 26, 2026)
    risk 0.60, CVSS not listed, EPSS 0.00

    A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure…

  • CVE-2026-32210 (Critical, Apr 23, 2026)
    risk 0.60, CVSS 9.3, EPSS 0.01

    Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-33340 (Critical, Mar 24, 2026)
    risk 0.60, CVSS 9.1, EPSS 0.22

    LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in all known existing versions of `lollms-webui`. The `@router.post("/api/proxy")` endpoint allows…

  • CVE-2023-7325 (Critical, Oct 30, 2025)
    risk 0.60, CVSS not listed, EPSS 0.00

    Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery (SSRF) vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instruct the server to…

  • CVE-2024-2796 (Critical, Apr 18, 2024)
    risk 0.60, CVSS 9.3, EPSS 0.00

    A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.

  • CVE-2017-15644 (High, Oct 19, 2017)
    risk 0.60, CVSS 8.6, EPSS 0.09

    SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.

  • CVE-2016-6483 (High, Sep 2, 2016)
    risk 0.60, CVSS 8.6, EPSS 0.12

    The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1…

  • CVE-2026-50887 (Critical, Jun 15, 2026)
    risk 0.59, CVSS 9.1, EPSS 0.00

    A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl.

  • CVE-2026-31017 (Critical, Apr 8, 2026)
    risk 0.59, CVSS 9.1, EPSS 0.00

    A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML…

  • CVE-2023-46945 (Critical, Apr 8, 2026)
    risk 0.59, CVSS 9.1, EPSS 0.00

    QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request.

  • CVE-2025-27217 (Critical, Aug 21, 2025)
    risk 0.59, CVSS 9.1, EPSS 0.00

    A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.

  • CVE-2025-50251 (Critical, Aug 13, 2025)
    risk 0.59, CVSS 9.1, EPSS 0.00

    Server-side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.

  • CVE-2025-52362 (Critical, Jul 21, 2025)
    risk 0.59, CVSS 9.1, EPSS 0.00

    Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _proxurl parameter can be bypassed, allowing a remote, unauthenticated attacker to submit a specially crafted URL