VYPR

CWE-918

Server-Side Request Forgery (SSRF)

BaseIncomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 74 of 80
  • CVE-2025-61916Jan 5, 2026
    risk 0.00cvss epss 0.00

    Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into…

  • CVE-2025-67427Jan 5, 2026
    risk 0.00cvss epss 0.00

    A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter,…

  • CVE-2025-34469Dec 31, 2025
    risk 0.00cvss epss 0.01

    Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied…

  • CVE-2025-69206Dec 29, 2025
    risk 0.00cvss epss 0.00

    Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to…

  • CVE-2025-67743Dec 23, 2025
    risk 0.00cvss epss 0.00

    Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get() without utilizing the application's SSRF protection…

  • CVE-2025-68477Dec 19, 2025
    risk 0.00cvss epss 0.06

    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic…

  • CVE-2025-68150Dec 16, 2025
    risk 0.00cvss epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the `apiURL` parameter in `authData`. This…

  • CVE-2025-66407Dec 15, 2025
    risk 0.00cvss epss 0.00

    Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the…

  • CVE-2025-66844Dec 15, 2025
    risk 0.00cvss epss 0.00

    In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered

  • CVE-2025-67494Dec 9, 2025
    risk 0.00cvss epss 0.00

    ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including…

  • CVE-2025-65513Dec 9, 2025
    risk 0.00cvss epss 0.00

    fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.

  • CVE-2025-65958Dec 4, 2025
    risk 0.00cvss epss 0.04

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This…

  • CVE-2025-66405Dec 1, 2025
    risk 0.00cvss epss 0.00

    Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an…

  • CVE-2025-64525Nov 13, 2025
    risk 0.00cvss epss 0.01

    Astro is a web framework. In Astro versions 2.16.0 up to but excluding 5.15.5 which utilizeon-demand rendering, request headers `x-forwarded-proto` and `x-forwarded-port` are insecurely used, without sanitization, to build the URL. This has several consequences, the most…

  • CVE-2025-64522Nov 10, 2025
    risk 0.00cvss epss 0.00

    Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata…

  • CVE-2025-59837Oct 28, 2025
    risk 0.00cvss epss 0.00

    Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request…

  • CVE-2025-61784Oct 7, 2025
    risk 0.00cvss epss 0.00

    LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery (SSRF) vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to internal and external networks. This can…

  • CVE-2025-61735Oct 2, 2025
    risk 0.00cvss epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes…

  • CVE-2025-59527Sep 22, 2025
    risk 0.00cvss epss 0.05

    Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to…

  • CVE-2025-59346Sep 17, 2025
    risk 0.00cvss epss 0.00

    Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery (SSRF) vulnerability that enables users to force DragonFly2’s components to make requests to internal services that are…