VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base | Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 62 of 80
  • CVE-2017-18036 | Med | Feb 2, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.

  • CVE-2026-46698 | Med | Jun 11, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_ajax_nopriv_ftf_get_site_info (includes/Site_Info.php) that verified a nonce ftf-fediverse-embeds-nonce and then called…

  • CVE-2026-48998 | Med | Jun 11, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host…

  • CVE-2026-41854 | Med | Jun 9, 2026
    risk 0.27 | cvss 4.2 | epss 0.00

    Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18.

  • CVE-2026-49328 | Med | Jun 1, 2026
    risk 0.27 | cvss 5.3 | epss 0.01

    Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are…

  • CVE-2026-10052 | Med | May 29, 2026
    risk 0.27 | cvss 4.1 | epss 0.00

    A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform…

  • CVE-2026-48148 | Med | May 27, 2026
    risk 0.27 | cvss | epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access…

  • CVE-2026-41423 | Med | May 8, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery (SSRF) vulnerability exists in…

  • CVE-2026-5052 | Med | Apr 17, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and…

  • CVE-2026-40100 | Med | Apr 10, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP=true, which is not the default.…

  • CVE-2026-5323 | Med | Apr 2, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made…

  • CVE-2026-34443 | Med | Mar 31, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false…

  • CVE-2026-33060 | Med | Mar 20, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckan_package_search and sparql_query that accept a base_url parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no…

  • CVE-2025-10705 | Med | Oct 23, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due to insufficient validation of user-supplied URLs in the PDF processing functionality. This makes it possible…

  • CVE-2025-42965 | Med | Jul 8, 2025
    risk 0.27 | cvss 4.1 | epss 0.00

    SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints.…

  • CVE-2024-56275 | Med | Jan 7, 2025
    risk 0.27 | cvss 4.1 | epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery. This issue affects Envato Elements: from n/a through 2.0.14.

  • CVE-2024-1855 | Med | May 23, 2024
    risk 0.27 | cvss 5.3 | epss 0.00

    The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it…

  • CVE-2023-46207 | Med | Nov 13, 2023
    risk 0.27 | cvss 4.1 | epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing. This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6.

  • CVE-2023-31219 | Med | Nov 13, 2023
    risk 0.27 | cvss 4.1 | epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.1.

  • CVE-2023-24622 | Med | Jan 30, 2023
    risk 0.27 | cvss 5.3 | epss 0.01

    isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.