VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base | Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
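The description above is the whole weakness in one sentence: the server fetches a URL it was handed and never checks where that URL actually points. The block below is an added example, written for this page and not taken from the CWE entry or from any product listed on it. It shows a destination check the way a practitioner would build it and covers the three ways the check is usually defeated in the CVEs further down: a redirect that pivots to an internal address after the first hop passed, a domain allowlist matched with an unanchored regex, and a public-looking hostname that resolves to loopback or a link-local metadata address. Every name in it (check_destination, host_allowed, fetch_following_redirects, the FAKE_DNS and FAKE_SERVER tables, the 93.184.216.x "public" addresses) is a constructed assumption so that it runs offline.

```python
"""Validating the destination of a server-side fetch (CWE-918).

Added example, not code from the CWE entry or from any project listed on this
page. The DNS table and the transport below are constructed stand-ins so the
example runs offline; swap in real_resolve() and a real HTTP client in practice.
"""
import ipaddress
import re
import socket
from urllib.parse import urljoin, urlparse

# Constructed DNS answers. 93.184.216.x stand in for ordinary public addresses.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "cdn.example.com": ["93.184.216.35"],
    "example.com.evil.net": ["93.184.216.99"],
    "rebind.example.com": ["127.0.0.1"],   # public-looking name, loopback answer
}

def fake_resolve(host):
    return FAKE_DNS.get(host, [])

def real_resolve(host):
    """Resolve every A/AAAA answer. getaddrinfo also normalises shorthand such as
    '127.1' or '2130706433', so those bypasses are checked as real addresses."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def is_public_address(ip_text):
    """Reject loopback, RFC 1918, link-local (169.254.x, cloud metadata), CGNAT,
    documentation and other special-purpose ranges; unwrap IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global

# Vulnerable allowlist: an unanchored substring regex has no hostname boundary,
# so "example.com.evil.net" and "notexample.com" both pass.
def host_allowed_buggy(host, allowed_domains):
    return any(re.search(re.escape(d), host) for d in allowed_domains)

# Hardened allowlist: exact match or a real subdomain only.
def host_allowed(host, allowed_domains):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed_domains)

def check_destination(url, allowed_domains=None, resolve=fake_resolve):
    """Return (ok, reason) for a URL the server is about to fetch."""
    p = urlparse(url)
    if p.scheme not in ("http", "https"):
        return False, "scheme"
    if p.username is not None or p.password is not None:
        return False, "userinfo"          # http://trusted.example@127.0.0.1/
    if not p.hostname:
        return False, "no host"
    host = p.hostname.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)        # literal IP (brackets already stripped)
        addrs = [host]
    except ValueError:
        if allowed_domains is not None and not host_allowed(host, allowed_domains):
            return False, "host not allowlisted"
        addrs = resolve(host)
        if not addrs:
            return False, "unresolvable"
    for a in addrs:
        if not is_public_address(a):
            return False, f"non-public address {a}"
    return True, "ok"

# Constructed transport: url -> (status, Location header or body).
FAKE_SERVER = {
    "https://api.example.com/report": (302, "http://169.254.169.254/latest/meta-data/"),
    "https://cdn.example.com/logo.png": (200, b"\x89PNG..."),
}

def fake_send(url):
    return FAKE_SERVER.get(url, (404, b""))

def fetch_following_redirects(url, send=fake_send, max_hops=3, **check_kwargs):
    """Re-validate the destination on every hop, so a 30x pointing at an internal
    address is blocked instead of being followed silently by the HTTP client."""
    for _ in range(max_hops + 1):
        ok, reason = check_destination(url, **check_kwargs)
        if not ok:
            return None, f"blocked {url}: {reason}"
        status, value = send(url)
        if status in (301, 302, 303, 307, 308):
            url = urljoin(url, value)
            continue
        return value, "ok"
    return None, "too many redirects"

if __name__ == "__main__":
    for u in ("https://api.example.com/report", "https://cdn.example.com/logo.png",
              "http://[::ffff:127.0.0.1]/", "https://rebind.example.com/"):
        print(u, fetch_following_redirects(u, allowed_domains=["example.com"]))
```

Two caveats apply when this is moved off the page. First, the real HTTP client must be told not to follow redirects itself, otherwise fetch_following_redirects never sees the hop it is meant to check. Second, resolve-then-connect leaves a window for DNS rebinding (a second lookup at connect time can return a different address); the robust form pins the validated address by connecting to it directly and supplying the original hostname for the Host header and SNI, or performs this check inside the client's connect hook.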

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 51 of 80
  • CVE-2024-10207 | Med | Mar 25, 2025
    risk 0.34 | CVSS n/a | EPSS 0.00

    A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to force the web server to request arbitrary URLs.

  • CVE-2024-12989 | Med | Dec 27, 2024
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely.…

  • CVE-2024-6538 | Med | Nov 25, 2024
    risk 0.34 | CVSS 5.3 | EPSS 0.01

    A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't…

  • CVE-2024-34580 | Med | Jun 26, 2024
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result…

  • CVE-2024-4894 | Med | May 15, 2024
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information.

  • CVE-2022-21697 | Med | Jan 25, 2022
    risk 0.34 | CVSS 6.3 | EPSS 0.01

    Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is…

  • CVE-2020-11980 | Med | Jun 12, 2020
    risk 0.34 | CVSS 6.3 | EPSS 0.02

    In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the…

  • CVE-2026-45502 | Med | Jun 9, 2026
    risk 0.33 | CVSS 5.0 | EPSS 0.00

    Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

  • CVE-2026-46561 | Med | May 28, 2026
    risk 0.33 | CVSS 5.0 | EPSS 0.00

    pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest (used by the parse_urls API). An authenticated attacker can supply a URL pointing to an attacker-controlled…

  • CVE-2026-9304 | Med | May 23, 2026
    risk 0.33 | CVSS 5.0 | EPSS 0.00

    A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the…

  • CVE-2026-33234 | Med | May 19, 2026
    risk 0.33 | CVSS 5.0 | EPSS 0.00

    AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backend/backend/blocks/email_block.py accepts a user-supplied smtp_server (string) and…

  • CVE-2026-44441 | Med | May 13, 2026
    risk 0.33 | CVSS 5.0 | EPSS 0.00

    ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in…

  • CVE-2026-3048 | Med | May 11, 2026
    risk 0.33 | CVSS n/a | EPSS 0.00

    An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server.

  • CVE-2026-36764 | Med | Apr 30, 2026
    risk 0.33 | CVSS 5.0 | EPSS 0.00

    A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request.

  • CVE-2026-35461 | Med | Apr 7, 2026
    risk 0.33 | CVSS 5.0 | EPSS 0.00

    Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validation of the destination address. The server makes outbound HTTP POST requests to…

  • CVE-2026-34881 | Med | Mar 31, 2026
    risk 0.33 | CVSS 5.0 | EPSS 0.00

    OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is…

  • CVE-2026-3216 | Med | Mar 25, 2026
    risk 0.33 | CVSS 5.0 | EPSS 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery. This issue affects Drupal Canvas: from 0.0.0 before 1.1.1.

  • CVE-2026-33347 | Med | Mar 24, 2026
    risk 0.33 | CVSS 6.1 | EPSS 0.00

    league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain…

  • CVE-2025-14793 | Med | Jan 16, 2026
    risk 0.33 | CVSS 5.0 | EPSS 0.00

    The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and above, to make web…

  • CVE-2025-62763 | Med | Oct 21, 2025
    risk 0.33 | CVSS 5.0 | EPSS 0.00

    Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat proxy.