CWE-918— Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.— MITRE CWE catalog
2,672 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-918page 37 of 54
- CVE-2025-58441MEDIUMCVSS 6.5EG 6.52026-01-07
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since t…
- CVE-2025-58615MEDIUMCVSS 4.4EG 4.42025-09-03
Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Server Side Request Forgery.This issue affects WP Bannerize Pro: from n/a through <= 1.10.0.
- CVE-2025-58641MEDIUMCVSS 5.4EG 5.42025-09-03
Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup exitintentpopup allows Server Side Request Forgery.This issue affects Exit Intent Popup: from n/a through <= 1.0.1.
- CVE-2025-58829MEDIUMCVSS 4.9EG 4.92025-09-05
Server-Side Request Forgery (SSRF) vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Server Side Request Forgery.This issue affects Ai Auto Tool Content Writing Assistan…
- CVE-2025-58962MEDIUMCVSS 6.4EG 6.42025-09-22
Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio publitio allows Server Side Request Forgery.This issue affects Publitio: from n/a through <= 2.2.1.
- CVE-2025-58977MEDIUMCVSS 4.9EG 4.92025-09-09
Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds ebay-feeds-for-wordpress allows Server Side Request Forgery.This issue affects WP eBay Product Feeds: from n/a through <= 3.4.8.
- CVE-2025-59055MEDIUMCVSS 4.7EG 4.72025-09-11
InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make nay HTTP/HTTPS request via the …
- CVE-2025-59088HIGHCVSS 8.6EG 8.62025-11-12
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forge…
- CVE-2025-59138MEDIUMCVSS 4.9EG 4.92025-12-31
Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy genemy allows Server Side Request Forgery.This issue affects Genemy: from n/a through <= 1.6.6.
- CVE-2025-59146HIGHCVSS 8.5EG 8.52025-10-09
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) vulnerability exists in versions prior to 0.9.0.5. A feature within the applicatio…
- CVE-2025-59155MEDIUMCVSS 6.9EG 6.92025-09-15
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HT…
- CVE-2025-59344HIGHCVSS 7.7EG 7.72025-09-19
AliasVault is a privacy-first password manager with built-in email aliasing. A server-side request forgery (SSRF) vulnerability exists in the favicon extraction feature of AliasVault API versions 0.23.0 and lower. The extractor fetches a u…
- CVE-2025-59346MEDIUMCVSS 5.3EG 5.32025-09-17
Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery (SSRF) vulnerability that enables users to force DragonFly2’s components to make request…
- CVE-2025-59436LOWCVSS 3.2EG 3.22025-09-16
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-2…
- CVE-2025-59437LOWCVSS 3.2EG 3.22025-09-16
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE:…
- CVE-2025-59503CRITICALCVSS 10.0EG 9.92025-10-23
Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-59527HIGHCVSS 7.5EG 7.52025-09-22
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. Th…
- CVE-2025-59775HIGHCVSS 7.5EG 7.52025-12-05
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or co…
- CVE-2025-59809MEDIUMCVSS 4.3EG 4.32026-04-14
A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all ve…
- CVE-2025-59837HIGHCVSS 7.2EG 7.22025-10-28
Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary UR…
- CVE-2025-60161MEDIUMCVSS 5.4EG 5.42025-09-26
Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlocks zoloblocks allows Server Side Request Forgery.This issue affects ZoloBlocks: from n/a through <= 2.3.11.
- CVE-2025-60175MEDIUMCVSS 4.4EG 4.42026-06-15
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
- CVE-2025-60181MEDIUMCVSS 5.4EG 5.42025-09-26
Server-Side Request Forgery (SSRF) vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Server Side Request Forgery.This issue affects Silencesoft RSS Reader: from n/a through <= 0.6.
- CVE-2025-60279CRITICALCVSS 9.6EG 9.62025-10-17
A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal services via the API. An attacker can leverage this to enumerate open ports bas…
- CVE-2025-60319MEDIUMCVSS 6.5EG 6.52025-10-30
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).
- CVE-2025-60540MEDIUMCVSS 6.5EG 6.52025-10-14
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF).
- CVE-2025-60541HIGHCVSS 7.3EG 7.32025-11-06
A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request.
- CVE-2025-6087CRITICALCVSS 9.1EG 9.12025-06-16
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to …
- CVE-2025-60898MEDIUMCVSS 5.8EG 5.82025-10-29
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addr…
- CVE-2025-6142MEDIUMCVSS 6.3EG 6.32025-06-16
A vulnerability was found in Intera InHire up to 20250530. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument 29chcotoo9 leads to server-side request forgery. The …
- CVE-2025-61488HIGHCVSS 7.6EG 7.62025-10-20
An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter
- CVE-2025-61735HIGHCVSS 7.3EG 7.32025-10-02
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to…
- CVE-2025-61768MEDIUMCVSS 5.1EG 5.12025-10-06
KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upl…
- CVE-2025-61784HIGHCVSS 8.1EG 7.62025-10-07
LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery (SSRF) vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to in…
- CVE-2025-61884HIGHCVSS 7.5EG 9.0⚠ KEV2025-10-12
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network ac…
- CVE-2025-61916HIGHCVSS 7.9EG 7.92026-01-05
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. …
- CVE-2025-62088MEDIUMCVSS 5.4EG 5.42025-12-31
Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site wp_scraper allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import…
- CVE-2025-62155HIGHCVSS 8.5EG 8.52025-11-25
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and s…
- CVE-2025-62207CRITICALCVSS 9.8EG 8.62025-11-20
Azure Monitor Elevation of Privilege Vulnerability
- CVE-2025-6242HIGHCVSS 7.1EG 7.12025-10-07
A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs witho…
- CVE-2025-62427HIGHCVSS 8.7EG 8.72025-10-16
The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side Rendering package (@angular/ssr) before 1…
- CVE-2025-62505LOWCVSS 3.0EG 3.02025-10-17
LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array t…
- CVE-2025-62612MEDIUMCVSS 5.3EG 5.32025-10-22
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1.
- CVE-2025-62615CRITICALCVSS 9.8EG 9.82026-02-04
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.reques…
- CVE-2025-62616CRITICALCVSS 9.8EG 9.82026-02-04
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aioht…
- CVE-2025-62718CRITICALCVSS 9.9EG 9.92026-04-09
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trail…
- CVE-2025-62719MEDIUMCVSS 4.3EG 4.32025-11-04
LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the de…
- CVE-2025-62741MEDIUMCVSS 5.4EG 9.12026-01-22
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3.
- CVE-2025-62763MEDIUMCVSS 5.0EG 5.02025-10-21
Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat proxy.
- CVE-2025-62988MEDIUMCVSS 4.9EG 4.92025-10-27
Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3.
Map vulnerabilities like CWE-918 to your infrastructure
EchelonGraph correlates every CVE — across CWE-918 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →