CWE-918: Server-Side Request Forgery (SSRF)

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter. Attackers with valid ...

This vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks through the AI ChatBot with ChatGPT and Cont...

Astro web framework versions 2.16.0 to 5.15.4 with on-demand rendering are vulnerable to header injection attacks. Attackers can manipulate x-forwarde...

This SSRF vulnerability in Lichess lila allows remote attackers to force the server to make HTTP requests to arbitrary internal or external URLs via t...

PerfreeBlog v4.0.11 contains a Server-Side Request Forgery vulnerability in the uploadAttachByUrl API endpoint that allows attackers to make unauthori...

karakeep versions v0.26.0 to v0.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to make unauthorized requests fro...

VitaraCharts 5.3.5 contains a Server-Side Request Forgery (SSRF) vulnerability in fileLoader.jsp that allows attackers to make arbitrary HTTP requests...

WonderCMS 3.5.0 contains a Server-Side Request Forgery (SSRF) vulnerability in its custom module installation feature. Authenticated administrators ca...

A Server-Side Request Forgery (SSRF) vulnerability in Ghost allows attackers to make the server send requests to internal resources that should not be...

A server-side request forgery (SSRF) vulnerability in Liferay Portal and DXP allows attackers to manipulate custom object attachment fields to make un...

This SSRF vulnerability in Liferay DXP allows attackers to bypass domain validation and make unauthorized server requests. Attackers can potentially a...

Bottinelli Informatical Vedo Suite 2024.17 has a Server-side Request Forgery (SSRF) vulnerability in its /api_vedo/video/preview endpoint. Remote auth...

This Server-Side Request Forgery (SSRF) vulnerability in 4C Strategies Exonaut allows attackers to make unauthorized requests from the vulnerable serv...

MCCMS v2.7.0 has a server-side request forgery (SSRF) vulnerability that allows attackers to make the application send requests to internal systems an...

A Server-Side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central's modOSCE component allows attackers to manipulate parameters to access...

This CVE describes a server-side request forgery (SSRF) vulnerability in multiple WSO2 products that allows unauthenticated attackers to manipulate se...

This CVE-2025-1522 vulnerability in PostHog allows authenticated attackers to perform Server-Side Request Forgery (SSRF) through the database_schema m...

This vulnerability in Personal Management System 1.4.65 allows remote attackers to access sensitive information through the my-contacts-settings compo...

A Server-Side Request Forgery (SSRF) vulnerability in twonav v2.1.18-20241105 allows remote attackers to access internal network resources and sensiti...

A Server-Side Request Forgery (SSRF) vulnerability in Personal Management System version 1.4.65 allows remote attackers to access internal network res...

A Server-Side Request Forgery (SSRF) vulnerability in gaizhenbiao/chuanhuchatgpt allows attackers to make the application send requests to internal sy...

This SSRF vulnerability in Dify AI allows attackers to make the server send unauthorized requests to internal or external systems using the server's n...

FastGPT's web crawling plugin lacks intranet IP verification, allowing attackers to make requests to internal network resources. This could expose pri...

This SSRF vulnerability in hackney versions before 1.21.0 allows attackers to bypass URL parsing and make requests to internal systems. It affects app...

This vulnerability in Veeam Service Provider Console allows attackers to make arbitrary HTTP requests to internal network resources, potentially expos...

This CVE describes a server-side request forgery (SSRF) vulnerability in QNAP Notes Station 3 that allows authenticated attackers to read application ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Northern.tech Mender that allows attackers to make unauthorized requests from...

SparkShop versions up to 1.1.7 contain a server-side request forgery (SSRF) vulnerability that allows attackers to make the server send requests to in...

CVE-2022-25777 is a Server-Side Request Forgery (SSRF) vulnerability in Mautic that allows authenticated users to read system files and access interna...

This Server-Side Request Forgery (SSRF) vulnerability in Terminalfour allows authenticated users to abuse specific features to make requests to intern...

This vulnerability in the Page Builder Gutenberg Blocks WordPress plugin allows high-privilege users (contributors or above) to perform Server-Side Re...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Uppy file uploader library. Attackers can exploit this to make the server...

This Server-Side Request Forgery (SSRF) vulnerability in the Printful Integration for WooCommerce WordPress plugin allows authenticated attackers with...

This Server-Side Request Forgery (SSRF) vulnerability in the WPO365 Login WordPress plugin allows attackers to make unauthorized requests from the vul...

This SSRF vulnerability in OpenShift's API server allows attackers to make the server send requests to internal network resources by manipulating imag...

The WP Shortcodes Plugin — Shortcodes Ultimate for WordPress is vulnerable to Server-Side Request Forgery (SSRF) via the su_shortcode_csv_table func...

The Icon List Block WordPress plugin contains a Server-Side Request Forgery vulnerability that allows authenticated attackers with Subscriber-level ac...

The Local Syndication WordPress plugin has a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated attackers with Contributor-lev...

The WPeMatico RSS Feed Fetcher plugin for WordPress has a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated users with Subscr...

The B Carousel Block WordPress plugin up to version 1.1.5 contains a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated attack...

The Gutenberg Essential Blocks WordPress plugin contains a Server-Side Request Forgery vulnerability that allows authenticated attackers with Author-l...

This Server-Side Request Forgery (SSRF) vulnerability in the Publitio WordPress plugin allows attackers to make unauthorized requests from the server ...

This Server-Side Request Forgery (SSRF) vulnerability in the Alex Content Mask WordPress plugin allows attackers to make unauthorized requests from th...

This SSRF vulnerability in the Auto Save Remote Images (Drafts) WordPress plugin allows authenticated attackers with Contributor-level access or highe...

This Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Cache allows attackers to make unauthorized requests from the vulnerable server to ...

This Server-Side Request Forgery (SSRF) vulnerability in the PressForward WordPress plugin allows attackers to make unauthorized requests from the ser...

The PayMaster for WooCommerce WordPress plugin contains a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated attackers with Su...

This SSRF vulnerability in the Oliver Campion Display Remote Posts Block WordPress plugin allows attackers to make unauthorized requests from the serv...

This Server-Side Request Forgery (SSRF) vulnerability in the Kishan WP Link Preview WordPress plugin allows attackers to make the vulnerable server se...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to perform Server-Side Request Forgery (SSRF) attacks t...