CWE-918— Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.— MITRE CWE catalog
2,678 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-918page 39 of 54
- CVE-2025-68893MEDIUMCVSS 4.9EG 4.92025-12-29
Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker wp-image-shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through <= 1.1.0.
- CVE-2025-69014MEDIUMCVSS 4.9EG 4.92025-12-30
Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through <= 1.3.7.
- CVE-2025-69206MEDIUMCVSS 4.3EG 4.32025-12-29
Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests …
- CVE-2025-69222CRITICALCVSS 9.1EG 9.12026-01-07
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables user…
- CVE-2025-69299HIGHCVSS 7.2EG 7.22026-02-20
Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8.
- CVE-2025-70027HIGHCVSS 7.5EG 7.52026-03-11
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
- CVE-2025-7103HIGHCVSS 7.5EG 6.32025-07-07
A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side re…
- CVE-2025-71258MEDIUMCVSS 4.3EG 4.32026-03-19
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requ…
- CVE-2025-71259MEDIUMCVSS 4.3EG 4.32026-03-19
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the …
- CVE-2025-7622MEDIUMCVSS 5.7EG 5.72025-08-12
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.
- CVE-2025-7759HIGHCVSS 8.8EG 6.32025-07-17
A vulnerability was identified in thinkgem JeeSite up to 5.12.0. This vulnerability affects unknown code of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor Image Grabber. Such manipu…
- CVE-2025-7787HIGHCVSS 8.8EG 6.32025-07-18
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation lead…
- CVE-2025-7813HIGHCVSS 7.2EG 7.22025-08-23
The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxy_image function. This makes it poss…
- CVE-2025-7843MEDIUMCVSS 6.4EG 6.42025-09-10
The Auto Save Remote Images (Drafts) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the fetch_images() function. This makes it possible for authenticated attackers, with Co…
- CVE-2025-8013LOWCVSS 3.8EG 3.82025-08-15
The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with A…
- CVE-2025-8020HIGHCVSS 8.2EG 8.22025-07-23
All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private …
- CVE-2025-8084MEDIUMCVSS 6.8EG 6.82025-11-18
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. This makes it possible for authenticated attackers, with Editor-level …
- CVE-2025-8085HIGHCVSS 8.6EG 8.62025-09-08
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
- CVE-2025-8133MEDIUMCVSS 6.3EG 6.32025-07-25
A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side …
- CVE-2025-8228HIGHCVSS 8.8EG 6.32025-07-27
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-sid…
- CVE-2025-8267MEDIUMCVSS 5.3EG 8.22025-07-28
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (…
- CVE-2025-8341MEDIUMCVSS 5.0EG 5.02025-08-04
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to al…
- CVE-2025-8520MEDIUMCVSS 4.7EG 4.72025-08-04
A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url …
- CVE-2025-8527HIGHCVSS 8.8EG 6.32025-08-04
A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown processing of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/SecurityController.java of…
- CVE-2025-8529MEDIUMCVSS 6.3EG 6.32025-08-04
A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favorites/web/CollectController.java. The mani…
- CVE-2025-8675HIGHCVSS 8.8EG 4.72025-08-15
Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6.
- CVE-2025-8678MEDIUMCVSS 5.9EG 5.92025-08-22
The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wp_remote_request' function. This makes it possible for authenticated attackers, with Administrator-level access …
- CVE-2025-8680MEDIUMCVSS 4.3EG 4.32025-08-15
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fs_api_request function. This makes it possible for authenticated attackers, wit…
- CVE-2025-8772MEDIUMCVSS 4.3EG 4.32025-08-09
A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en&nv=upload of the component Module Handler. The manip…
- CVE-2025-9065HIGHCVSS 8.8EG 8.82025-09-09
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing …
- CVE-2025-9269MEDIUMCVSS 6.9EG 6.92025-09-09
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a thi…
- CVE-2025-9395MEDIUMCVSS 6.3EG 6.32025-08-24
A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery. It is possible to launch the attack re…
- CVE-2025-9402HIGHCVSS 7.2EG 4.72025-08-25
A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in serve…
- CVE-2025-9414MEDIUMCVSS 4.9EG 4.72025-08-25
A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argumen…
- CVE-2025-9522MEDIUMCVSS 5.3EG 5.32026-01-26
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information.
- CVE-2025-9799MEDIUMCVSS 5.0EG 5.02025-09-01
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Pe…
- CVE-2025-9805HIGHCVSS 7.5EG 7.52025-09-02
A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forg…
- CVE-2025-9821LOWCVSS 2.7EG 2.72025-09-03
SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causin…
- CVE-2025-9862MEDIUMCVSS 6.5EG 6.52025-09-17
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.
- CVE-2025-9868HIGHCVSS 8.7EG 8.72025-10-08
Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests.
- CVE-2025-9960MEDIUMCVSS 6.9EG 6.92025-09-22
A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF). This issue affects is-localhost-ip: 2.0.0.
- CVE-2025-9975MEDIUMCVSS 6.8EG 6.82025-10-11
The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.8.1 via the wp_scraper_extract_content function. This makes it possible for authenticated attackers, with Administrato…
- CVE-2026-0258MEDIUMCVSS 4.8EG 4.82026-05-13
A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a …
- CVE-2026-0285MEDIUMCVSS 4.7EG 4.72026-07-09
A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal…
- CVE-2026-0532HIGHCVSS 8.6EG 8.62026-01-14
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector…
- CVE-2026-0600MEDIUMCVSS 6.2EG 6.22026-01-14
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potenti…
- CVE-2026-0613HIGHCVSS 7.5EG 7.52026-01-16
The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzne…
- CVE-2026-0632MEDIUMCVSS 5.4EG 5.42026-02-09
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Sub…
- CVE-2026-0649MEDIUMCVSS 4.7EG 4.72026-01-07
A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument company_logo lead…
- CVE-2026-0682LOWCVSS 2.2EG 2.22026-01-17
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio_url' parameter. This makes it possible for a…
Map vulnerabilities like CWE-918 to your infrastructure
EchelonGraph correlates every CVE — across CWE-918 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →