VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base; Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 5 of 80
  • CVE-2026-34084 (Critical), May 5, 2026
    risk 0.57, CVSS 9.8, EPSS 0.01

    PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load() is user-controlled, an attacker can…

  • CVE-2026-40089 (Critical), Apr 9, 2026
    risk 0.57, CVSS 9.9, EPSS 0.00

    Sonicverse is a self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client (apps/dashboard/lib/api.ts). Installations created using the provided…

  • CVE-2025-62718 (Critical), Apr 9, 2026
    risk 0.57, CVSS 9.9, EPSS 0.01

    Axios is a promise-based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip…

  • CVE-2026-4789 (Critical), Mar 30, 2026
    risk 0.57, CVSS 9.8, EPSS 0.01

    Kyverno versions 1.16.0 and later are vulnerable to SSRF due to unrestricted CEL HTTP functions.

  • CVE-2025-34350 (High), Nov 25, 2025
    risk 0.57, CVSS n/a, EPSS 0.01

    UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp'…

  • CVE-2025-9868 (High), Oct 8, 2025
    risk 0.57, CVSS n/a, EPSS 0.00

    Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests.

  • CVE-2024-12867 (High), Dec 20, 2024
    risk 0.57, CVSS n/a, EPSS 0.00

    Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data.

  • CVE-2024-55875 (Critical), Dec 12, 2024
    risk 0.57, CVSS 9.8, EPSS 0.02

    http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handles malicious XML content within requests, which might allow attackers to read local sensitive…

  • CVE-2024-40718 (High), Sep 7, 2024
    risk 0.57, CVSS 8.8, EPSS 0.00

    A server-side request forgery vulnerability allows a low-privileged user to perform local privilege escalation by exploiting the SSRF.

  • CVE-2024-45258 (Critical), Aug 25, 2024
    risk 0.57, CVSS 9.8, EPSS 0.01

    The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design.

  • CVE-2018-16793 (High), Sep 21, 2018
    risk 0.57, CVSS 8.6, EPSS 0.11

    Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

  • CVE-2018-16794 (High), Sep 18, 2018
    risk 0.57, CVSS 8.6, EPSS 0.08

    Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.

  • CVE-2018-1000553 (High), Jun 26, 2018
    risk 0.57, CVSS 8.8, EPSS 0.01

    Trovebox version <= 4.0.0-rc6 contains a Server-Side Request Forgery vulnerability in the webhook component that can result in reading or updating internal resources. This attack appears to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit…

  • CVE-2018-10220 (High), Apr 19, 2018
    risk 0.57, CVSS 8.8, EPSS 0.02

    Glastopf 3.1.3-dev has SSRF, as demonstrated by the a parameter of abc.php. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation.

  • CVE-2014-3990 (Critical), Mar 20, 2018
    risk 0.57, CVSS 9.8, EPSS 0.07

    The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP…

  • CVE-2018-7667 (Critical), Mar 5, 2018
    risk 0.57, CVSS 9.8, EPSS 0.05

    Adminer through 4.3.1 has SSRF via the server parameter.

  • CVE-2018-6186 (High), Feb 1, 2018
    risk 0.57, CVSS 8.8, EPSS 0.03

    Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.

  • CVE-2017-0907 (Critical), Nov 13, 2017
    risk 0.57, CVSS 9.8, EPSS 0.03

    The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical…

  • CVE-2017-0906 (Critical), Nov 13, 2017
    risk 0.57, CVSS 9.8, EPSS 0.03

    The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.

  • CVE-2017-0905 (Critical), Nov 13, 2017
    risk 0.57, CVSS 9.8, EPSS 0.03

    The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other…