CWE-918: Server-Side Request Forgery (SSRF)

This critical Server-Side Request Forgery (SSRF) vulnerability in Azure Compute Gallery allows unauthorized attackers to make internal network request...

An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in Manager accounting software allows attackers to make arbitrary HTTP requests fr...

This Server-Side Request Forgery (SSRF) vulnerability in langchain-community's RequestsToolkit allows attackers to make unauthorized requests to inter...

The openHAB CometVisu add-on prior to version 4.2.1 has an unauthenticated proxy endpoint that can be exploited as Server-Side Request Forgery (SSRF) ...

TorchServe versions 0.1.0 to 0.8.1 have a critical vulnerability where the default configuration lacks proper input validation, allowing attackers to ...

CVE-2023-39967 is a server-side request forgery (SSRF) vulnerability in WireMock Studio that allows attackers to make arbitrary HTTP requests from the...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in PlantUML versions prior to 1.2023.9. Attackers can exploit this vulnerability...

CVE-2021-27329 is a Server-Side Request Forgery (SSRF) vulnerability in Friendica's parse_url parameter that allows attackers to make DNS lookups or H...

This CVE describes an elevation of privilege vulnerability in Microsoft's Custom Question Answering service. Attackers can exploit this to gain unauth...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in BentoML's file upload system. Unauthenticated attackers can force the server ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Azure services that allows an authorized attacker to make the server send req...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in ABB industrial control system products that allows attackers to make the serv...

CVE-2023-3744 is a Server-Side Request Forgery vulnerability in SLims 9.6.0 that allows authenticated attackers to make requests to internal services ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Calibre-Web, an open-source web application for managing eBook collections. A...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Development Infrastructure Component Build Service that allows ...

CVE-2026-26339 is a critical argument injection vulnerability in Hyland Alfresco Transformation Service that allows unauthenticated attackers to execu...

This Server-Side Request Forgery (SSRF) vulnerability in Teknolist Okulistik allows attackers to make unauthorized requests from the vulnerable server...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in AutoGPT's RSSFeedBlock component. Attackers can exploit unfiltered URL inputs...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in AutoGPT's SendDiscordFileBlock component. Attackers can exploit unfiltered UR...

CVE-2025-66405 is a Server-Side Request Forgery (SSRF) vulnerability in Portkey.ai Gateway versions before 1.14.0. Attackers can manipulate the x-port...

This vulnerability in Dataease allows attackers to exploit the DB2 JDBC connection string to trigger server-side request forgery (SSRF) attacks. In Da...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Eclipse GlassFish application server. Attackers can exploit specific endpoint...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in zrlog v3.1.5 that allows attackers to make arbitrary HTTP requests from the v...

Inflectra SpiraTeam 7.2.00 contains a Server-Side Request Forgery (SSRF) vulnerability in the NewsReaderService that allows attackers to make the serv...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Vasion Print (formerly PrinterLogic) that allows attackers to make unauthoriz...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Vasion Print (formerly PrinterLogic) that allows attackers to make unauthoriz...

CVE-2025-22952 is a Server-Side Request Forgery (SSRF) vulnerability in elestio memos v0.23.0 that allows attackers to make unauthorized requests from...

This vulnerability allows attackers to force Ruijie Reyee OS proxy servers to make arbitrary requests, potentially accessing internal Ruijie services ...

This Server-Side Request Forgery (SSRF) vulnerability in Gradio allows attackers to force the server to make HTTP requests to arbitrary URLs, potentia...

This vulnerability in Cloud MyOffice SDK Collaborative Editing Server allows Server-Side Request Forgery (SSRF) through manipulation of MS-WOPI protoc...

An improper access control vulnerability in GroupMe allows unauthenticated attackers to elevate privileges remotely. This affects GroupMe users and po...

CVE-2024-44677 is a critical Server-Side Request Forgery (SSRF) vulnerability in eladmin v2.7 and earlier that allows authenticated attackers to make ...

SeaCMS v13.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /admin_reslib.php file via the url parameter. This allows attackers to...

CVE-2024-41570 is an unauthenticated Server-Side Request Forgery vulnerability in Havoc 2 C2 framework's demon callback handling. It allows attackers ...

Volmarg Personal Management System 1.4.64 contains a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to make the server send HT...

This SSRF vulnerability in ChuanhuChatGPT's upload processing interface allows attackers to make the server send requests to internal or external reso...

This critical vulnerability allows unauthenticated attackers to execute arbitrary code on Teledyne FLIR M300 thermal camera systems by sending a malic...

This Server-Side Request Forgery (SSRF) vulnerability in the ChatGPT-wechat-personal project allows attackers to force the application to make arbitra...

CVE-2024-23761 is a Server-Side Template Injection vulnerability in Gambio e-commerce software that allows attackers to execute arbitrary code by mani...

The ip package for Node.js before version 1.1.9 incorrectly categorizes certain IP address formats (like 0x7f.1) as globally routable via the isPublic...

CVE-2023-51467 is an authentication bypass vulnerability in Apache OFBiz that allows attackers to circumvent authentication mechanisms and remotely ex...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in MLflow that allows attackers to make unauthorized requests to internal HTTP(s...

Microcks up to version 1.17.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /jobs and /artifact/download components. Attackers ca...

A Server-Side Request Forgery (SSRF) vulnerability in OwnCast v0.1.1 allows remote attackers to execute arbitrary code and access sensitive informatio...

The WPB Show Core WordPress plugin through version 2.2 contains a server-side request forgery (SSRF) vulnerability in the 'path' parameter. This allow...

This SSRF vulnerability in Bon Presta boninstagramcarousel allows attackers to make the vulnerable server send HTTP requests to arbitrary internal or ...

This Server-Side Request Forgery (SSRF) vulnerability in Vrite allows attackers to make unauthorized requests from the server to internal or external ...

CVE-2023-41449 is a critical remote code execution vulnerability in phpkobo AjaxNewsTicker v1.0.5 that allows attackers to execute arbitrary code via ...

HP LaserJet Pro printers are vulnerable to Server-Side Request Forgery (SSRF) that could allow attackers to execute arbitrary code or gain elevated pr...

This Server-Side Request Forgery (SSRF) vulnerability in GitLab allows attackers to make the server send requests to internal network services via loo...