VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base. Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 6 of 80
  • CVE-2017-1000017 (High), Jul 17, 2017
    risk 0.57, CVSS 8.8, EPSS 0.01

    phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server

  • CVE-2016-3718 (Medium, KEV), May 5, 2016
    risk 0.57, CVSS 5.5, EPSS 0.77

    The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

  • CVE-2026-40999 (High), Jun 11, 2026
    risk 0.56, CVSS 8.6, EPSS 0.00

    When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to…

  • CVE-2026-45298 (High), May 26, 2026
    risk 0.56, CVSS 8.6, EPSS 0.01

    Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a…

  • CVE-2026-7412 (High), May 5, 2026
    risk 0.56, CVSS 8.6, EPSS 0.01

    In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP…

  • CVE-2026-26150 (High), Apr 23, 2026
    risk 0.56, CVSS 8.6, EPSS 0.01

    Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-34954 (High), Apr 3, 2026
    risk 0.56, CVSS 8.6, EPSS 0.00

    PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who…

  • CVE-2026-32857 (High), Mar 26, 2026
    risk 0.56, CVSS 8.6, EPSS 0.00

    Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations.…

  • CVE-2026-0532 (High), Jan 14, 2026
    risk 0.56, CVSS 8.6, EPSS 0.00

    External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an…

  • CVE-2026-22805 (High), Jan 12, 2026
    risk 0.56, CVSS 8.6, EPSS 0.00

    Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in…

  • CVE-2025-59088 (High), Nov 12, 2025
    risk 0.56, CVSS 8.6, EPSS 0.00

    If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker…

  • CVE-2025-5260 (High), Aug 20, 2025
    risk 0.56, CVSS 8.6, EPSS 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery. This issue affects Pik Online: before 3.1.5.

  • CVE-2025-25235 (High), Aug 11, 2025
    risk 0.56, CVSS 8.6, EPSS 0.00

    Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.

  • CVE-2025-46385 (High), Jul 20, 2025
    risk 0.56, CVSS 8.6, EPSS 0.00

    CWE-918 Server-Side Request Forgery (SSRF)

  • CVE-2024-37359 (High), Feb 19, 2025
    risk 0.56, CVSS 8.6, EPSS 0.00

    The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. (CWE-918)   Hitachi Vantara Pentaho Business Analytics…

  • CVE-2023-50733 (High), Jan 21, 2025
    risk 0.56, CVSS 8.6, EPSS 0.00

    A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices.

  • CVE-2024-54819 (Critical), Jan 7, 2025
    risk 0.56, CVSS 9.1, EPSS 0.18

    I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php

  • CVE-2018-2463 (High), Sep 11, 2018
    risk 0.56, CVSS 8.6, EPSS 0.02

    The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of the XML parser that is used in the server-side implementation of OCC.

  • CVE-2018-16409 (High), Sep 3, 2018
    risk 0.56, CVSS 8.6, EPSS 0.01

    In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.

  • CVE-2017-17697 (High), Dec 15, 2017
    risk 0.56, CVSS 8.6, EPSS 0.01

    The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.