CWE-918— Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.— MITRE CWE catalog
2,672 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-918page 36 of 54
- CVE-2025-53018LOWCVSS 3.0EG 3.02025-06-27
Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery (SSRF) vulnerability exists in the `/api/v2/Photo::fromUrl` endpoint. This flaw lets an attacker instruct the application�…
- CVE-2025-53241MEDIUMCVSS 5.5EG 5.52025-08-14
Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified simplified allows Server Side Request Forgery.This issue affects Simplified: from n/a through <= 1.0.11.
- CVE-2025-53250MEDIUMCVSS 6.4EG 6.42025-08-28
Server-Side Request Forgery (SSRF) vulnerability in Chartbeat Chartbeat chartbeat allows Server Side Request Forgery.This issue affects Chartbeat: from n/a through <= 2.0.7.
- CVE-2025-5327HIGHCVSS 8.8EG 6.32025-05-29
A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument pic leads to server-side request forgery. It …
- CVE-2025-53371CRITICALCVSS 9.1EG 9.12025-07-10
DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncom…
- CVE-2025-53457MEDIUMCVSS 4.4EG 4.42025-09-22
Server-Side Request Forgery (SSRF) vulnerability in activewebsight SEO Backlink Monitor seo-backlink-monitor allows Server Side Request Forgery.This issue affects SEO Backlink Monitor: from n/a through <= 1.8.0.
- CVE-2025-53461MEDIUMCVSS 4.4EG 4.42025-09-22
Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf image-compare-block allows Server Side Request Forgery.This issue affects Beaf: from n/a through <= 1.6.2.
- CVE-2025-53473HIGHCVSS 7.3EG 7.32025-07-07
Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers.
- CVE-2025-5350MEDIUMCVSS 5.9EG 5.92025-10-24
SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to …
- CVE-2025-53641HIGHCVSS 8.2EG 8.22025-07-11
Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery (SSRF) c…
- CVE-2025-53760HIGHCVSS 7.1EG 7.12025-08-12
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
- CVE-2025-53767CRITICALCVSS 10.0EG 10.02025-08-07
Azure OpenAI Elevation of Privilege Vulnerability
- CVE-2025-53828HIGHCVSS 8.5EG 8.52026-07-06
SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 1…
- CVE-2025-53830CRITICALCVSS 9.1EG 9.12026-07-06
Anti-Virus for ownCloud is an anti-virus application for file storage, synchronization, and sharing application ownCloud. Versions of Anti-Virus for ownCloud before 1.2.3 are vulnerable to Server-Side Request Forgery (SSRF). This correspon…
- CVE-2025-54087LOWCVSS 2.6EG 2.62025-10-02
CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack c…
- CVE-2025-54122CRITICALCVSS 10.0EG 10.02025-07-21
Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to a…
- CVE-2025-54132MEDIUMCVSS 4.4EG 4.42025-08-01
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sens…
- CVE-2025-54234LOWCVSS 2.7EG 2.22025-08-18
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to m…
- CVE-2025-54249MEDIUMCVSS 6.5EG 6.52025-09-09
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipu…
- CVE-2025-54370HIGHCVSS 8.7EG 8.72025-08-25
PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The v…
- CVE-2025-54381CRITICALCVSS 9.9EG 9.92025-07-29
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote …
- CVE-2025-54560LOWCVSS 3.8EG 3.82025-11-14
A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure.
- CVE-2025-54590MEDIUMCVSS 6.9EG 6.92025-08-01
webfinger.js is a TypeScript-based WebFinger client that runs in both browsers and Node.js environments. In versions 2.8.0 and below, the lookup function accepts user addresses for account checking. However, the ActivityPub specification r…
- CVE-2025-54924HIGHCVSS 7.5EG 7.52025-08-20
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.
- CVE-2025-54925HIGHCVSS 7.5EG 7.52025-08-20
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.
- CVE-2025-55007LOWCVSS 3.5EG 3.52025-09-01
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the att…
- CVE-2025-5510CRITICALCVSS 9.8EG 6.32025-06-03
A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery…
- CVE-2025-55139MEDIUMCVSS 6.8EG 6.82025-09-09
SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authent…
- CVE-2025-55150HIGHCVSS 8.6EG 8.62025-08-11
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to proces…
- CVE-2025-55151HIGHCVSS 8.6EG 8.62025-08-11
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, a…
- CVE-2025-55161HIGHCVSS 8.6EG 8.62025-08-11
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool t…
- CVE-2025-55971MEDIUMCVSS 4.7EG 4.72025-10-03
TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTranspo…
- CVE-2025-56520MEDIUMCVSS 5.3EG 5.32025-09-30
Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720.
- CVE-2025-56589HIGHCVSS 7.5EG 7.52026-01-22
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files …
- CVE-2025-57055MEDIUMCVSS 6.5EG 6.52025-09-17
WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter. The server fetches the pr…
- CVE-2025-57305MEDIUMCVSS 6.5EG 6.52025-10-02
VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp.
- CVE-2025-57644CRITICALCVSS 9.1EG 9.12025-09-19
Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, i…
- CVE-2025-57814MEDIUMCVSS 5.5EG 5.52025-08-25
request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP …
- CVE-2025-57818MEDIUMCVSS 6.3EG 6.32025-08-26
Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure…
- CVE-2025-57822MEDIUMCVSS 6.5EG 6.52025-08-29
Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorre…
- CVE-2025-57943MEDIUMCVSS 4.4EG 4.42025-09-22
Server-Side Request Forgery (SSRF) vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool skimlinks allows Server Side Request Forgery.This issue affects Skimlinks Affiliate Marketing Tool: from n/a through <= 1.3.1.
- CVE-2025-57984MEDIUMCVSS 4.4EG 4.42025-09-22
Server-Side Request Forgery (SSRF) vulnerability in Pratik Ghela MakeStories (for Google Web Stories) makestories-helper allows Server Side Request Forgery.This issue affects MakeStories (for Google Web Stories): from n/a through <= 3.0.4.
- CVE-2025-58005MEDIUMCVSS 5.4EG 5.42025-09-22
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft DriCub dricub-driving-school allows Server Side Request Forgery.This issue affects DriCub: from n/a through <= 2.9.
- CVE-2025-58011MEDIUMCVSS 6.4EG 6.42025-09-22
Server-Side Request Forgery (SSRF) vulnerability in Alex Content Mask content-mask allows Server Side Request Forgery.This issue affects Content Mask: from n/a through <= 1.8.5.2.
- CVE-2025-58045CRITICALCVSS 9.8EG 9.82025-09-15
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap …
- CVE-2025-5817HIGHCVSS 7.2EG 7.22025-07-02
The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible for unauthenticated attackers to make web re…
- CVE-2025-58175HIGHCVSS 8.2EG 8.22026-06-12
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Requ…
- CVE-2025-58179HIGHCVSS 7.2EG 7.22025-09-05
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the g…
- CVE-2025-5818MEDIUMCVSS 5.5EG 5.52025-07-23
The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.6 via the fip_get_image_options() function. This makes it possible for …
- CVE-2025-58203MEDIUMCVSS 4.4EG 4.42025-08-27
Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra solace-extra allows Server Side Request Forgery.This issue affects Solace Extra: from n/a through <= 1.3.2.
Map vulnerabilities like CWE-918 to your infrastructure
EchelonGraph correlates every CVE — across CWE-918 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →