CWE-918: Server-Side Request Forgery (SSRF)
2,383 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-918 (page 32 of 48)
- CVE-2025-25194 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-02-10
Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. This vulnerability, which is present in versions…
- CVE-2025-25229 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-08-11
Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal netwo…
- CVE-2025-25235 | HIGH | CVSS 8.6 | EG 8.6 | 2025-08-11
Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.
- CVE-2025-25297 | HIGH | CVSS 8.6 | EG 8.6 | 2025-02-14
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storag…
- CVE-2025-25301 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-03
Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to vi…
- CVE-2025-25303 | MEDIUM | CVSS 6.9 | EG 0.0 | 2025-03-03
The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. The MouseTooltipTranslator browser extension is vulnerable to SSRF attacks. The pdf.mjs script uses the URL parameter from the current URL as…
- CVE-2025-25760 | HIGH | CVSS 7.5 | EG 7.5 | 2025-02-27
A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request.
- CVE-2025-25785 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-02-26
JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.
- CVE-2025-25827 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-02-26
A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.
- CVE-2025-26487 | HIGH | CVSS 8.6 | EG 8.6 | 2025-12-08
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge.
- CVE-2025-26494 | HIGH | CVSS 7.7 | EG 7.7 | 2025-02-11
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass. This issue affects Tableau Server: from 2023.3 through 2023.3.5.
- CVE-2025-26515 | HIGH | CVSS 7.5 | EG 7.5 | 2025-09-19
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an unauthenticated…
- CVE-2025-2691 | HIGH | CVSS 8.2 | EG 8.2 | 2025-03-23
Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.
- CVE-2025-26990 | MEDIUM | CVSS 4.4 | EG 4.4 | 2025-04-15
Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Server Side Request Forgery. This issue affects Royal Elementor Addons: from n/a through <= 1.7.1006.
- CVE-2025-27090 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-02-19
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse…
- CVE-2025-27152 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-03-07
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, po…
- CVE-2025-27217 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-08-21
A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.
- CVE-2025-27232 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-12-01
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
- CVE-2025-27406 | HIGH | CVSS 7.6 | EG 7.6 | 2025-03-26
Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to em…
- CVE-2025-27430 | LOW | CVSS 3.5 | EG 3.5 | 2025-03-11
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network re…
- CVE-2025-27501 | HIGH | CVSS 8.6 | EG 8.6 | 2025-03-03
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect…
- CVE-2025-27600 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-03-06
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intran…
- CVE-2025-27651 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-03-05
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014.
- CVE-2025-27652 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-03-05
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: rfIDEAS V-2023-015.
- CVE-2025-27655 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-03-05
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009.
- CVE-2025-27774 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-03-19
Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 156 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio serv…
- CVE-2025-27775 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-03-19
Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 143 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio serv…
- CVE-2025-27776 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-03-19
Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 240 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio serv…
- CVE-2025-27777 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-19
Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) in `model_download.py` (line 195 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be l…
- CVE-2025-27817 | HIGH | CVSS 7.5 | EG 7.5 | 2025-06-10
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.toke…
- CVE-2025-27888 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-03-20
Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Drui…
- CVE-2025-27907 | MEDIUM | CVSS 4.1 | EG 4.1 | 2025-04-22
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilit…
- CVE-2025-28089 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-03-28
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.
- CVE-2025-28090 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-03-28
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.
- CVE-2025-28091 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-03-28
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
- CVE-2025-28092 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-03-28
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.
- CVE-2025-28093 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-03-28
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.
- CVE-2025-28094 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-03-28
ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places.
- CVE-2025-28096 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-03-28
OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers.
- CVE-2025-28197 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-04-18
Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.
- CVE-2025-2828 | CRITICAL | CVSS 10.0 | EG 10.0 | 2025-06-23
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain vers…
- CVE-2025-2835 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-27
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to …
- CVE-2025-28963 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-07-04
Server-Side Request Forgery (SSRF) vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Server Side Request Forgery. This issue affects URL Shortener: from n/a through <= 3.0.7.
- CVE-2025-28987 | MEDIUM | CVSS 6.4 | EG 6.4 | 2025-08-14
Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery. This issue affects PressForward: from n/a through <= 5.9.5.
- CVE-2025-29008 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-06-06
Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark socialmark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through <= 2.0.7.
- CVE-2025-2940 | HIGH | CVSS 7.2 | EG 7.2 | 2025-06-27
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers t…
- CVE-2025-29446 | LOW | CVSS 3.3 | EG 3.3 | 2025-04-21
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.
- CVE-2025-29449 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-04-17
An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function.
- CVE-2025-29450 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-04-17
An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component.
- CVE-2025-29451 | HIGH | CVSS 7.6 | EG 7.6 | 2025-04-17
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component.