CWE-918
Server-Side Request Forgery (SSRF)
Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-664: Server Side Request Forgery
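The description above is the whole weakness: the server fetches a URL it was handed without checking where that URL actually points. The entries on this page show the usual variants: a raw target URL parameter (ChanCMS targetUrl, automad importUrl), a Host header used to build an outbound request (diyhi bbs), a jku URL fetched by a JWT validator (JBoss EAP), and an allowlisted site that redirects the fetcher onward (Firecrawl). The Python below is an added example written for this page, not code from any of the listed projects; it shows a destination check that a URL-fetching feature can apply before the first request and again on every redirect hop. The allowlist, DNS answers and HTTP responses are constructed sample data, and the resolver and transport are injected so the example runs offline.

```python
"""SSRF destination validation: host allowlist, resolved-address check, and
per-hop redirect re-validation. Added illustration for this CWE-918 page, not
code from any project listed here. DNS and HTTP are injected callables so it
runs offline; hostnames, addresses and responses below are constructed."""
import ipaddress
from typing import Callable, Iterable, List, Tuple
from urllib.parse import urljoin, urlparse

# Hosts the fetcher may contact (constructed for the example).
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}
Resolver = Callable[[str], Iterable[str]]                   # hostname -> IP strings
Transport = Callable[[str, str], Tuple[int, dict, bytes]]   # (url, pinned ip) -> response


def ip_is_public(ip_str: str) -> bool:
    """Globally routable only: rejects loopback, RFC 1918, link-local (the
    169.254.169.254 metadata address), ULA, unspecified, multicast, and
    IPv4-mapped IPv6 addresses that wrap a non-public IPv4 address."""
    ip = ipaddress.ip_address(ip_str)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def validate_destination(url: str, resolver: Resolver,
                         allowed_hosts: Iterable[str] = ALLOWED_HOSTS) -> Tuple[str, List[str]]:
    """Return (host, resolved_ips) for a URL the server may fetch, else raise
    ValueError. Checks scheme, embedded credentials, exact host allowlist,
    port, then requires every resolved address to be public (catches an
    allowlisted name that has been pointed at an internal address)."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL are not allowed")
    host = (parts.hostname or "").rstrip(".")            # parsed host, not a substring match
    if host not in {h.lower() for h in allowed_hosts}:
        raise ValueError(f"host not on allowlist: {host!r}")
    if parts.port not in (None, 80, 443):
        raise ValueError(f"port not allowed: {parts.port}")
    addrs = list(resolver(host))
    if not addrs or not all(ip_is_public(a) for a in addrs):
        raise ValueError(f"{host!r} resolves to a non-public address: {addrs}")
    return host, addrs


def safe_fetch(url: str, resolver: Resolver, transport: Transport,
               max_redirects: int = 3) -> Tuple[int, bytes]:
    """Follow redirects manually and re-validate every hop, so an allowlisted
    site cannot bounce the server to an internal address. The transport gets
    the already-validated IP so it can connect there (sending Host: <host>)
    instead of resolving the name a second time."""
    for _ in range(max_redirects + 1):
        _host, addrs = validate_destination(url, resolver)
        status, headers, body = transport(url, addrs[0])
        if status in (301, 302, 303, 307, 308):
            location = headers.get("Location")
            if not location:
                raise ValueError("redirect without Location")
            url = urljoin(url, location)                 # relative Location handled too
            continue
        return status, body
    raise ValueError("too many redirects")


# ---- constructed sample environment (no network) ----
SAMPLE_DNS = {"images.example.com": ["93.184.216.34"],
              "cdn.example.com": ["93.184.216.35"]}
SAMPLE_SITES = {
    "http://images.example.com/logo.png": (200, {}, b"\x89PNG"),
    # Allowlisted host redirecting to a loopback admin port: must be refused.
    "http://cdn.example.com/go": (302, {"Location": "http://127.0.0.1:8080/admin"}, b""),
    # Benign relative redirect on an allowlisted host: must be followed.
    "http://cdn.example.com/old": (301, {"Location": "/new"}, b""),
    "http://cdn.example.com/new": (200, {}, b"moved content"),
}


def sample_resolver(host: str) -> List[str]:
    return SAMPLE_DNS.get(host, [])


def sample_transport(url: str, pinned_ip: str) -> Tuple[int, dict, bytes]:
    # A real transport would open a socket to pinned_ip and send Host: <host>.
    return SAMPLE_SITES.get(url, (404, {}, b"not found"))


def attempt(url: str, resolver: Resolver = sample_resolver) -> str:
    """Run one fetch and summarise the outcome as a string."""
    try:
        status, body = safe_fetch(url, resolver, sample_transport)
        return f"ok {status} {len(body)}B"
    except ValueError as e:
        return f"blocked: {e}"


if __name__ == "__main__":
    for u in ["http://images.example.com/logo.png", "http://cdn.example.com/old",
              "http://cdn.example.com/go", "http://169.254.169.254/latest/meta-data/",
              "file:///etc/passwd", "http://cdn.example.com:8080/"]:
        print(u, "->", attempt(u))
```

Two points worth checking in any real implementation of this pattern: the allowlist is matched on the parsed hostname, never by substring on the raw URL, so `http://images.example.com.evil.test/` and `http://evil.test#@images.example.com/` are both refused; and the resolved address is handed to the transport so the connection goes to the address that was validated rather than to whatever a second lookup returns (DNS rebinding). Blocking private ranges alone, with no allowlist, is the weaker posture: it still lets the server be pointed at any public host, which is enough for several of the entries listed below.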
CVEs mapped to this weakness (1,583)
page 40 of 80

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8527 | | Med | 0.41 | 6.3 | 0.00 | | Aug 4, 2025 | A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown processing of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/SecurityController.java of the component Swagger. The manipulation… |
| CVE-2025-8228 | | Med | 0.41 | 6.3 | 0.01 | | Jul 27, 2025 | A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be… |
| CVE-2025-8133 | | Med | 0.41 | 6.3 | 0.00 | | Jul 25, 2025 | A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to… |
| CVE-2025-7787 | | Med | 0.41 | 6.3 | 0.00 | | Jul 18, 2025 | A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is… |
| CVE-2025-7759 | | Med | 0.41 | 6.3 | 0.00 | | Jul 17, 2025 | A vulnerability was identified in thinkgem JeeSite up to 5.12.0. This vulnerability affects unknown code of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor Image Grabber. Such manipulation of the argument Source leads to… |
| CVE-2025-50125 | — | Med | 0.41 | — | 0.00 | | Jul 11, 2025 | A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of the Host request header. |
| CVE-2025-7103 | | Med | 0.41 | 6.3 | 0.00 | | Jul 7, 2025 | A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be… |
| CVE-2025-6762 | | Med | 0.41 | 6.3 | 0.00 | | Jun 27, 2025 | A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate… |
| CVE-2025-6517 | | Med | 0.41 | 6.3 | 0.00 | | Jun 23, 2025 | A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The… |
| CVE-2025-6142 | | Med | 0.41 | 6.3 | 0.00 | | Jun 16, 2025 | A vulnerability was found in Intera InHire up to 20250530. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument 29chcotoo9 leads to server-side request forgery. The attack can be launched remotely. The… |
| CVE-2025-5276 | | High | 0.41 | 7.4 | 0.00 | | May 29, 2025 | Versions of the package mcp-markdownify-server before 1.0.0 are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown,… |
| CVE-2025-5140 | | Med | 0.41 | 6.3 | 0.00 | | May 25, 2025 | A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. This affects the function this.oursNetService.getData of the file com\ours\www\ehr\openPlatform1\open4ClientType\controller\ThirdMenuController.class. The… |
| CVE-2025-28093 | — | Med | 0.41 | 6.3 | 0.00 | | Mar 28, 2025 | ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. |
| CVE-2025-28092 | — | Med | 0.41 | 6.3 | 0.00 | | Mar 28, 2025 | ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via the image upload function. |
| CVE-2024-56800 | | High | 0.41 | 7.4 | 0.00 | | Dec 30, 2024 | Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to… |
| CVE-2024-22219 | | Med | 0.41 | 6.3 | 0.00 | | Aug 15, 2024 | XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code… |
| CVE-2024-38514 | | High | 0.41 | 7.4 | 0.02 | | Jun 28, 2024 | NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the `endpoint` GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS requests from the vulnerable… |
| CVE-2024-33832 | | Med | 0.41 | 6.3 | 0.01 | | Apr 30, 2024 | OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info. |
| CVE-2024-1233 | | High | 0.41 | 7.3 | 0.01 | | Apr 9, 2024 | A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request… |
| CVE-2023-7037 | | Med | 0.41 | 6.3 | 0.01 | | Dec 21, 2023 | A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated… |