VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base
Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
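The guard that closes this gap is a resolve-then-check: parse the URL once, resolve the host, judge every returned address against the non-public ranges (IPv6 and IPv4-mapped forms included), and connect to the address that was checked rather than to the name. The added example below is illustrative code written for this page, not code from CWE, MITRE or any project listed here. All function names are the author's own, and the `FAKE_DNS` table is constructed so the example runs offline; the last two entries imitate what inet_aton-style resolvers accept for "numeric" hostnames. `weak_is_blocked` is included only to contrast the text-only denylist pattern that several entries further down describe as incomplete.

```python
"""Resolve-then-check SSRF guard with address pinning (added example, not page code)."""
import ipaddress
import socket
from dataclasses import dataclass
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS table so the example runs offline (hypothetical names).
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.internal.example": ["169.254.169.254"],   # cloud-metadata style target
    "rebind.example": ["93.184.216.34", "10.0.0.5"],    # rebinding-style dual answer
    "0x7f000001": ["127.0.0.1"],                        # inet_aton accepts hex
    "127.1": ["127.0.0.1"],                             # inet_aton accepts short forms
}


def fake_resolver(host):
    """Offline stand-in for system_resolver; raises OSError like getaddrinfo does."""
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise OSError(f"NXDOMAIN {host}")


def system_resolver(host):
    """Real resolver: every A/AAAA answer, deduplicated (not used by the tests)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def weak_is_blocked(url):
    """Text-only denylist on the hostname. Shown to contrast; do not use."""
    host = (urlsplit(url).hostname or "").lower()
    return host == "localhost" or host.startswith(("127.", "10.", "192.168.", "169.254."))


def is_public_address(ip):
    """True only for addresses that are not loopback/private/link-local/etc."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is loopback; judge it as IPv4
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


@dataclass(frozen=True)
class SafeTarget:
    scheme: str
    host: str   # original name: use for the Host header and TLS SNI
    port: int
    ip: str     # the address that was checked: connect to THIS, not to host


def check_outbound_url(url, resolver=system_resolver):
    """Validate url and return the pinned target, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL")
    host = parts.hostname  # brackets around IPv6 literals are already stripped
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        addrs = [ipaddress.ip_address(host)]  # literal address, no DNS needed
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except OSError as e:
            raise ValueError(f"cannot resolve {host}: {e}") from e
    if not addrs:
        raise ValueError(f"no addresses for {host}")
    # Every answer must be public: a mixed answer is the rebinding pattern.
    for a in addrs:
        if not is_public_address(a):
            raise ValueError(f"{host} maps to non-public address {a}")
    return SafeTarget(parts.scheme, host, port, str(addrs[0]))


def is_rejected(url, resolver=fake_resolver):
    """Convenience predicate: does the guard refuse this URL?"""
    try:
        check_outbound_url(url, resolver=resolver)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for u in ("https://api.example.com/v1", "http://[::ffff:127.0.0.1]/",
              "http://0x7f000001/", "http://rebind.example/", "http://metadata.internal.example/"):
        print(f"{u:45} weak_blocked={weak_is_blocked(u)!s:5} guard_rejects={is_rejected(u)}")
```

The caller must then open the socket to `target.ip` and send `Host: target.host` (and, for TLS, `server_hostname=target.host`), otherwise a second lookup at connect time reopens the DNS-rebinding window. Redirects must not be followed automatically; each `Location` hop goes back through `check_outbound_url`. The range predicates come from the `ipaddress` tables of the running Python version, so treat this as a deny decision to be kept current, not a complete allowlist.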

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664: Server Side Request Forgery

CVEs mapped to this weakness (1,583)

page 67 of 80
  • CVE-2025-8013 | Low | Aug 15, 2025
    risk 0.18 | cvss 3.8 | epss 0.00

    The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to…

  • CVE-2024-47190 | Low | Nov 8, 2024
    risk 0.18 | cvss 2.7 | epss 0.00

    Northern.tech Hosted Mender before 2024.07.11 allows SSRF.

  • CVE-2026-44589 | Low | May 14, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl() denylist introduced in nuxt-og-image@6.2.5 to remediate GHSA-pqhr-mp3f-hrpp (Dmitry Prokhorov / Positive Technologies, March 2026) is incomplete. It has an incomplete IPv6 prefix list and is missing…

  • CVE-2025-51591 | Low | Jul 11, 2025
    risk 0.17 | cvss 3.7 | epss 0.01

    A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable…

  • CVE-2024-11168 | Low | Nov 12, 2024
    risk 0.17 | cvss 3.7 | epss 0.01

    The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

  • CVE-2024-40632 | Low | Jul 15, 2024
    risk 0.17 | cvss 3.7 | epss 0.00

    Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions when the application being run by linkerd is susceptible to SSRF, an attacker could potentially trigger a denial-of-service (DoS) attack by making requests to…

  • CVE-2023-48711 | Low | Nov 24, 2023
    risk 0.17 | cvss 3.7 | epss 0.00

    google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `translateOptions` to the end…

  • CVE-2026-6333 | Low | May 18, 2026
    risk 0.16 | cvss 3.5 | epss 0.00

    Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host…

  • CVE-2026-42188 | Low | May 11, 2026
    risk 0.16 | cvss 2.4 | epss 0.00

    Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the…

  • CVE-2026-33659 | Low | Apr 13, 2026
    risk 0.16 | cvss 3.5 | epss 0.00

    EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery (SSRF) via a DNS rebinding (TOCTOU) condition. Host validation uses…

  • CVE-2026-24048 | Low | Jan 21, 2026
    risk 0.16 | cvss 3.5 | epss 0.00

    Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the…

  • CVE-2024-42182 | Low | Jan 23, 2025
    risk 0.16 | cvss 2.5 | epss 0.00

    BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost.

  • CVE-2023-32683 | Low | Jun 6, 2023
    risk 0.16 | cvss 3.5 | epss 0.01

    Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP…

  • CVE-2026-0682 | Low | Jan 17, 2026
    risk 0.14 | cvss 2.2 | epss 0.00

    The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio_url' parameter. This makes it possible for authenticated attackers, with…

  • CVE-2025-62505 | Low | Oct 17, 2025
    risk 0.13 | cvss 3.0 | epss 0.00

    LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value…

  • CVE-2025-53018 | Low | Jun 27, 2025
    risk 0.13 | cvss 3.0 | epss 0.00

    Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery (SSRF) vulnerability exists in the `/api/v2/Photo::fromUrl` endpoint. This flaw lets an attacker instruct the application’s backend to make HTTP requests to any…

  • CVE-2021-21311 | High | KEV | Feb 11, 2021
    risk 0.12 | cvss 7.2 | epss 0.90

    Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version…

  • CVE-2026-22597 | Low | Jan 10, 2026
    risk 0.11 | cvss 2.7 | epss 0.00

    Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from…

  • CVE-2025-9821 | Low | Sep 3, 2025
    risk 0.11 | cvss 2.7 | epss 0.00

    Summary: Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed. Details: When sending webhooks, the destination is not validated, causing SSRF. Impact: Bypass of firewalls to…

  • CVE-2025-47293 | Low | Jun 19, 2025
    risk 0.11 | cvss (not listed) | epss 0.00

    PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity (XXE) attack and to a server-side request forgery (SSRF) attack. This allows an…