VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base
Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
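The weakness is in the last clause: the server does the fetch, so every address it can reach (loopback, RFC 1918 space, link-local metadata endpoints, 0.0.0.0) is reachable to whoever controls the URL. The following is an added illustration, not code from CWE or from any product in the list below, of the check a fetcher should run before connecting: restrict the scheme, reject userinfo, resolve the host, reject the request if any resolved address lands in a blocked range (unwrapping IPv4-mapped IPv6 first), and return the resolved addresses so the caller connects to a pinned IP rather than resolving a second time. `BLOCKED_NETWORKS` is an example policy, `DEMO_TABLE`/`demo_resolve` are a constructed offline resolver, and `pasv_target_allowed` shows the client-side variant where an FTP server's PASV reply names the address to connect to; all of these names are assumptions of this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Destinations a server-side fetcher must not reach on a client's behalf.
# Example policy for this illustration, not an authoritative list.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",                      # 0.0.0.0 connects to the local host on Linux
    "127.0.0.0/8", "::1/128",         # loopback
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7",  # private
    "169.254.0.0/16", "fe80::/10",    # link-local, incl. cloud metadata 169.254.169.254
    "100.64.0.0/10",                  # shared address space, also used by metadata endpoints
    "224.0.0.0/4", "240.0.0.0/4", "::/128",  # multicast, reserved, unspecified
)]


def address_blocked(addr: str) -> bool:
    """True if a single resolved address falls inside a blocked range."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 rules apply to it.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def system_resolve(host: str) -> list[str]:
    """All addresses the name resolves to; the HTTP client may connect to any of them.
    getaddrinfo also accepts decimal/octal/hex IPv4 spellings, so those reach the check."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_destination(url: str, resolve=system_resolve):
    """Decide whether a server-side fetch of url may proceed.

    Returns (allowed, reason, pinned_addresses). The caller must connect to one of
    the pinned addresses instead of resolving the name again, otherwise a DNS answer
    that changes between check and use (rebinding) bypasses the check. Run the same
    check on every redirect target and do not let the HTTP client follow redirects
    by itself.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", []
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL not allowed", []
    host = parts.hostname            # lower-cased, IPv6 brackets stripped
    if not host:
        return False, "missing host", []
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal address, no lookup
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:
            addrs = []
    if not addrs:
        return False, f"cannot resolve {host!r}", []
    # A name with several answers is rejected if any of them is blocked.
    blocked = [a for a in addrs if address_blocked(a)]
    if blocked:
        return False, f"{host!r} resolves to blocked address {blocked[0]}", []
    return True, "ok", addrs


def pasv_target_allowed(control_peer: str, pasv_host: str) -> bool:
    """FTP client side of the same weakness: accept a PASV data address only if it
    is the server already on the control connection and not in a blocked range."""
    return pasv_host == control_peer and not address_blocked(pasv_host)


# Constructed resolver table so the example runs offline (not real DNS data).
DEMO_TABLE = {
    "example.test": ["203.0.113.10"],
    "localhost": ["127.0.0.1", "::1"],
    "metadata.test": ["169.254.169.254"],
    "rebind.test": ["203.0.113.10", "10.0.0.5"],  # one public, one internal answer
}


def demo_resolve(host: str) -> list[str]:
    return DEMO_TABLE.get(host, [])


if __name__ == "__main__":
    for u in ("http://example.test/img.png", "http://0.0.0.0:8080/", "http://localhost/",
              "http://[::ffff:127.0.0.1]/", "http://metadata.test/latest/", "http://rebind.test/",
              "file:///etc/passwd", "http://admin@example.test/"):
        print(u, check_destination(u, resolve=demo_resolve)[:2])
```

Two caveats a reviewer would raise. First, the check only holds if the connection actually goes to a pinned address; with most HTTP libraries that means either a custom connection adapter or connecting to the IP and setting the `Host` header yourself, and re-running the check on each redirect hop. Second, for the FTP case the simpler fix is to ignore the address in the PASV reply entirely and reuse the control connection's peer with only the port taken from the reply, which is what curl does with `--ftp-skip-pasv-ip`.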

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 60 of 80
  • CVE-2026-28295 · Medium · Feb 26, 2026
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified…

  • CVE-2026-1857 · Medium · Feb 18, 2026
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the `endpoint` parameter in the `get_items()` function of the GetResponse REST API…

  • CVE-2025-42907 · Medium · Sep 23, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the…

  • CVE-2025-8680 · Medium · Aug 15, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in versions less than, or equal to, 2.0.0 via the fs_api_request function. This makes it possible for authenticated attackers, with subscriber-level access and above to…

  • CVE-2025-8772 · Medium · Aug 9, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en&nv=upload of the component Module Handler. The manipulation leads to server-side request…

  • CVE-2025-48962 · Medium · Jun 4, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.

  • CVE-2025-2192 · Medium · Mar 11, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24. This affects an unknown part of the file /Login?inpLostSession=1 of the component Login Page. The manipulation of the argument inpRedirectURL leads to server-side request forgery. It is…

  • CVE-2025-2116 · Medium · Mar 9, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /newsedit/newsedit/xy/imageProxy.do of the component…

  • CVE-2025-24354 · Medium · Jan 27, 2025
    risk 0.28 · CVSS 5.3 · EPSS 0.01

    imgproxy is a server for resizing, processing, and converting images. imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2.

  • CVE-2025-23221 · Medium · Jan 20, 2025
    risk 0.28 · CVSS 5.4 · EPSS 0.01

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of…

  • CVE-2025-22215 · Medium · Jan 8, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability to enumerate internal services running on the host/network.

  • CVE-2024-12237 · Medium · Jan 3, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.15 via the rjg_get_youtube_info_justified_gallery_callback function. This makes it possible for authenticated…

  • CVE-2024-12121 · Medium · Dec 19, 2024
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level access and above, to…

  • CVE-2024-25737 · Medium · May 22, 2024
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks…

  • CVE-2024-34453 · Medium · May 3, 2024
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    TwoNav 2.1.13 contains an SSRF vulnerability via the url parameter to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php).

  • CVE-2024-32812 · Medium · Apr 24, 2024
    risk 0.28 · CVSS 5.4 · EPSS 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.

  • CVE-2024-27707 · Medium · Mar 7, 2024
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file.

  • CVE-2023-47116 · Medium · Jan 31, 2024
    risk 0.28 · CVSS 5.3 · EPSS 0.01

    Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can…

  • CVE-2023-36388 · Medium · Sep 6, 2023
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    Improper REST API permission in Apache Superset up to and including 2.1.0 allows authenticated Gamma users to test network connections, enabling possible SSRF.

  • CVE-2023-36387 · Medium · Sep 6, 2023
    risk 0.28 · CVSS 5.4 · EPSS 0.01

    An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.