VYPR

CWE-918

Server-Side Request Forgery (SSRF)

BaseIncomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 65 of 80
  • CVE-2026-1356MedFeb 12, 2026
    risk 0.24cvss 4.8epss 0.00

    The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::load_image_source function. This makes it possible for unauthenticated…

  • CVE-2025-14116MedDec 5, 2025
    risk 0.24cvss 4.7epss 0.00

    A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument health_url results in server-side request forgery. The attack can be initiated…

  • CVE-2023-45822LowOct 19, 2023
    risk 0.24cvss 3.7epss 0.01

    Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed…

  • CVE-2026-7471LowMay 14, 2026
    risk 0.23cvss 3.5epss 0.00

    GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control of a virtual registry upstream to make requests to internal hosts due to improper…

  • CVE-2025-27430LowMar 11, 2025
    risk 0.23cvss 3.5epss 0.00

    Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the…

  • CVE-2023-41327MedSep 6, 2023
    risk 0.23cvss 4.6epss 0.00

    WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. …

  • CVE-2020-8902LowFeb 23, 2021
    risk 0.23cvss 3.5epss 0.00

    Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot.…

  • CVE-2026-42140MedMay 4, 2026
    risk 0.22cvss 4.4epss 0.00

    PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows users to specify an alternative PlantUML server via the server parameter. However,…

  • CVE-2023-23684MedNov 13, 2023
    risk 0.22cvss 4.4epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.

  • CVE-2022-44730MedAug 22, 2023
    risk 0.22cvss 4.4epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.

  • CVE-2026-44502MedMay 26, 2026
    risk 0.21cvss 4.3epss 0.00

    Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be (partially) bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request…

  • CVE-2026-43936MedMay 26, 2026
    risk 0.21cvss 4.3epss 0.00

    e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4.

  • CVE-2026-45347MedMay 15, 2026
    risk 0.21cvss 4.3epss 0.00

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery (SSRF) via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the…

  • CVE-2026-41687MedMay 7, 2026
    risk 0.21cvss 4.3epss 0.00

    Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php (line 42) and endpoints/payments/add.php (line 40) uses an inline IP validation check (FILTER_FLAG_NO_PRIV_RANGE |…

  • CVE-2026-34719MedApr 8, 2026
    risk 0.21cvss 4.3epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme (HTTP/HTTPS) as well as the hostname was checked. This could…

  • CVE-2026-22662MedApr 3, 2026
    risk 0.21cvss 4.3epss 0.00

    prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by…

  • CVE-2025-13393MedJan 10, 2026
    risk 0.21cvss 4.3epss 0.00

    The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize() function in the Elementor…

  • CVE-2025-14277MedDec 18, 2025
    risk 0.21cvss 4.3epss 0.00

    The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the import_elementor_template AJAX action. This makes it possible for authenticated attackers, with subscriber level access…

  • CVE-2025-12560MedNov 6, 2025
    risk 0.21cvss 4.3epss 0.00

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with Subscriber-level access…

  • CVE-2025-59437LowSep 16, 2025
    risk 0.21cvss 3.2epss 0.00

    The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several…