VYPR

CWE-918

Server-Side Request Forgery (SSRF)

BaseIncomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 66 of 80
  • CVE-2025-59436LowSep 16, 2025
    risk 0.21cvss 3.2epss 0.00

    The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.

  • CVE-2025-1447MedFeb 19, 2025
    risk 0.21cvss 4.3epss 0.00

    A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated…

  • CVE-2024-52594MedJan 16, 2025
    risk 0.21cvss 4.3epss 0.00

    Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users…

  • CVE-2024-1467MedMay 14, 2024
    risk 0.21cvss 4.3epss 0.01

    The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with…

  • CVE-2021-21288MedFeb 8, 2021
    risk 0.21cvss 4.3epss 0.01

    CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are…

  • CVE-2018-1000185MedJun 5, 2018
    risk 0.21cvss 4.3epss 0.01

    A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

  • CVE-2026-48522MedMay 28, 2026
    risk 0.20cvss 4.2epss 0.00

    PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There…

  • CVE-2026-41488LowApr 24, 2026
    risk 0.20cvss 3.1epss 0.00

    LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network…

  • CVE-2026-40566MedApr 21, 2026
    risk 0.20cvss 4.1epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection test functionality of FreeScout's `MailboxesController`. Three AJAX actions `fetch_test` (line 731),…

  • CVE-2026-39845MedApr 15, 2026
    risk 0.20cvss 4.1epss 0.00

    Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround.

  • CVE-2026-33619MedMar 26, 2026
    risk 0.20cvss 4.1epss 0.00

    PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to `POST /tasks` with a user-controlled…

  • CVE-2026-4874LowMar 26, 2026
    risk 0.20cvss 3.1epss 0.00

    A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the…

  • CVE-2026-27795MedFeb 25, 2026
    risk 0.20cvss 4.1epss 0.00

    LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying fetch to…

  • CVE-2026-3189LowFeb 25, 2026
    risk 0.20cvss 3.1epss 0.00

    A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed…

  • CVE-2016-6001LowFeb 1, 2017
    risk 0.20cvss 3.1epss 0.01

    IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.

  • CVE-2026-54514medJun 23, 2026
    risk 0.19cvss epss 0.00

    ## Summary `JDKFromStringDeserializer` constructed `InetSocketAddress` with `new InetSocketAddress(host, port)`, which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an…

  • CVE-2026-47267medJun 22, 2026
    risk 0.19cvss epss 0.00

    ### Summary The fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs with a hostname that resolves in localCIDRs. However, webhooks still follow redirects allowing to access hostname inside localCIDRs. This was already communicated in the initial report…

  • CVE-2026-44430MedMay 14, 2026
    risk 0.19cvss 4.0epss 0.00

    The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification (POST /v0/auth/http, POST /v0.1/auth/http) uses safeDialContext (internal/api/handlers/v0/auth/http.go:67-110) to…

  • CVE-2026-31804MedMar 30, 2026
    risk 0.19cvss 4.0epss 0.00

    Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/ transcode transcoder without authentication and without…

  • CVE-2026-1518LowFeb 2, 2026
    risk 0.18cvss 2.7epss 0.00

    A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.