CWE-918
Server-Side Request Forgery (SSRF)
Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-664
CVEs mapped to this weakness (1,583)
page 4 of 80| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47578 | — | Cri | 0.59 | 9.1 | 0.01 | Dec 10, 2024 | Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting… | |
| CVE-2023-50913 | Cri | 0.59 | 9.1 | 0.00 | Dec 5, 2024 | Oxide control plane software before 5 allows SSRF. | ||
| CVE-2024-50811 | Cri | 0.59 | 9.1 | 0.00 | Nov 8, 2024 | hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\apps\\tool\\apis\\bd_push.py does not securely filter user input through push_urls() and get_urls(). | ||
| CVE-2024-29021 | Cri | 0.59 | 9.0 | 0.20 | Apr 18, 2024 | Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code… | ||
| CVE-2024-25864 | Cri | 0.59 | 9.1 | 0.01 | Apr 3, 2024 | Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component. | ||
| CVE-2018-16444 | Cri | 0.59 | 9.1 | 0.01 | Sep 4, 2018 | An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter. | ||
| CVE-2017-14611 | Cri | 0.59 | 9.1 | 0.02 | Apr 10, 2018 | SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component. | ||
| CVE-2018-1000138 | Cri | 0.59 | 9.1 | 0.02 | Mar 23, 2018 | I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. | ||
| CVE-2026-5921 | Hig | 0.58 | 8.9 | 0.00 | Apr 21, 2026 | A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was… | ||
| CVE-2026-32871 | Cri | 0.58 | 10.0 | 0.01 | Apr 2, 2026 | FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend… | ||
| CVE-2026-34162 | Cri | 0.58 | 10.0 | 0.00 | Mar 31, 2026 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP… | ||
| CVE-2025-54122 | Cri | 0.58 | 10.0 | 0.01 | Jul 21, 2025 | Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This… | ||
| CVE-2018-3774 | — | Cri | 0.58 | 10.0 | 0.04 | Aug 12, 2018 | Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | |
| CVE-2026-45504 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2026 | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-46391 | Hig | 0.57 | — | 0.00 | Jun 5, 2026 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker… | ||
| CVE-2026-43986 | Cri | 0.57 | 9.9 | 0.00 | Jun 4, 2026 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/` route that resolves attacker-controlled entries from `image_hash_lookup` and replays them through the same server-side image fetch logic used… | ||
| CVE-2026-9813 | Cri | 0.57 | 9.9 | 0.00 | May 28, 2026 | FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request… | ||
| CVE-2026-30118 | Cri | 0.57 | 9.8 | 0.00 | May 19, 2026 | scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs,… | ||
| CVE-2026-30810 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800 | ||
| CVE-2026-42864 | — | Cri | 0.57 | 9.9 | 0.00 | May 11, 2026 | FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jira_bot endpoint (CreateJiraBotView) is reachable without authentication (permission_classes = [permissions.AllowAny]). Its attachments payload is fetched server-side via… |
- risk 0.59cvss 9.1epss 0.01
Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting…
- risk 0.59cvss 9.1epss 0.00
Oxide control plane software before 5 allows SSRF.
- risk 0.59cvss 9.1epss 0.00
hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\apps\\tool\\apis\\bd_push.py does not securely filter user input through push_urls() and get_urls().
- risk 0.59cvss 9.0epss 0.20
Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code…
- risk 0.59cvss 9.1epss 0.01
Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component.
- risk 0.59cvss 9.1epss 0.01
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.
- risk 0.59cvss 9.1epss 0.02
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.
- risk 0.59cvss 9.1epss 0.02
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.
- risk 0.58cvss 8.9epss 0.00
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was…
- risk 0.58cvss 10.0epss 0.01
FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend…
- risk 0.58cvss 10.0epss 0.00
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP…
- risk 0.58cvss 10.0epss 0.01
Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This…
- risk 0.58cvss 10.0epss 0.04
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
- risk 0.57cvss 8.8epss 0.00
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss —epss 0.00
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker…
- risk 0.57cvss 9.9epss 0.00
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/` route that resolves attacker-controlled entries from `image_hash_lookup` and replays them through the same server-side image fetch logic used…
- risk 0.57cvss 9.9epss 0.00
FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request…
- risk 0.57cvss 9.8epss 0.00
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs,…
- risk 0.57cvss 8.8epss 0.00
Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800
- risk 0.57cvss 9.9epss 0.00
FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jira_bot endpoint (CreateJiraBotView) is reachable without authentication (permission_classes = [permissions.AllowAny]). Its attachments payload is fetched server-side via…