VYPR

CWE-918

Server-Side Request Forgery (SSRF)

BaseIncomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 75 of 80
  • CVE-2025-9862Sep 17, 2025
    risk 0.00cvss epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.

  • CVE-2025-43763Sep 8, 2025
    risk 0.00cvss epss 0.00

    A server-side request forgery (SSRF) vulnerability exist in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 that affects custom object attachment…

  • CVE-2025-58179Sep 4, 2025
    risk 0.00cvss epss 0.01

    Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint…

  • CVE-2025-57822Aug 29, 2025
    risk 0.00cvss epss 0.02

    Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers.…

  • CVE-2025-47700Aug 21, 2025
    risk 0.00cvss epss 0.00

    Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions

  • CVE-2024-39954Aug 20, 2025
    risk 0.00cvss epss 0.00

    CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the…

  • CVE-2025-4581Aug 9, 2025
    risk 0.00cvss epss 0.00

    Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF…

  • CVE-2025-54381Jul 29, 2025
    risk 0.00cvss epss 0.12

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make…

  • CVE-2024-9408Jul 16, 2025
    risk 0.00cvss epss 0.00

    In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.

  • CVE-2025-2828Jun 23, 2025
    risk 0.00cvss epss 0.14

    A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs…

  • CVE-2025-6087Jun 16, 2025
    risk 0.00cvss epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the…

  • CVE-2025-30220Jun 10, 2025
    risk 0.00cvss epss 0.51

    GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with…

  • CVE-2024-40625Jun 10, 2025
    risk 0.00cvss epss 0.00

    GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no…

  • CVE-2024-34711Jun 10, 2025
    risk 0.00cvss epss 0.00

    GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default,…

  • CVE-2025-27817Jun 10, 2025
    risk 0.00cvss epss 0.62

    A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and…

  • CVE-2024-52588May 29, 2025
    risk 0.00cvss epss 0.00

    Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery (SSRF). This issue has been patched in version 4.25.2.

  • CVE-2025-47936May 20, 2025
    risk 0.00cvss epss 0.00

    TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cross-Site Request Forgery (CSRF), which can be exploited by adversaries to target…

  • CVE-2025-28197Apr 18, 2025
    risk 0.00cvss epss 0.00

    Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.

  • CVE-2025-32372Apr 9, 2025
    risk 0.00cvss epss 0.00

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target…

  • CVE-2025-32013Apr 6, 2025
    risk 0.00cvss epss 0.01

    LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and…