CWE-918: Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Total CVEs: 810
Critical: 169
High: 306
Avg CVSS: 7.2
In CISA KEV: 1

Yearly Trend

2026: 121
2025: 340
2024: 157
2023: 60
2022: 53

Top Affected Vendors

1. Microsoft: 16
2. Apache: 16
3. IBM: 9
4. SAP: 7
5. GitLab: 7
6. Agpt: 5
7. Maccms: 5
8. Craftcms: 5
9. Langchain: 4
10. Progress: 4

All Server-Side Request Forgery (SSRF) CVEs (810)

CVE-2024-13856
6.4

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to perform Server-Side Request Forgery (SSRF) attacks t...

Mar 22, 2025
CVE-2025-1662
6.4

The URL Media Uploader WordPress plugin has a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated attackers with author-level p...

Feb 28, 2025
CVE-2025-1043
6.4

This Server-Side Request Forgery (SSRF) vulnerability in the Embed Any Document WordPress plugin allows authenticated attackers with Contributor acces...

Feb 20, 2025
CVE-2024-10814
6.4

The Code Embed WordPress plugin has a Server-Side Request Forgery vulnerability that allows authenticated attackers with contributor-level access or h...

Nov 9, 2024
CVE-2024-37157
6.4

This vulnerability in Discourse allows attackers to manipulate the FastImage library to redirect requests to internal Discourse IP addresses, potentia...

Jul 3, 2024
CVE-2024-4354
6.4

The TablePress WordPress plugin is vulnerable to Server-Side Request Forgery (SSRF) that allows authenticated attackers with author-level access or hi...

Jun 7, 2024
CVE-2026-3683
6.3

This vulnerability in bufanyun HotGo allows attackers to perform server-side request forgery (SSRF) attacks by manipulating the ImageTransferStorage f...

Mar 8, 2026
CVE-2026-3681
6.3

This vulnerability allows remote attackers to perform server-side request forgery (SSRF) attacks against welovemedia FFmate versions up to 2.0.15. Att...

Mar 7, 2026
CVE-2026-3052
6.3

This CVE describes a server-side request forgery (SSRF) vulnerability in DataLinkDC Dinky's Flink Proxy Controller. Attackers can exploit the proxyUba...

Feb 24, 2026
CVE-2026-2985
6.3

This CVE describes a server-side request forgery (SSRF) vulnerability in Tiandy Video Surveillance System version 7.17.0. Attackers can manipulate the...

Feb 23, 2026
CVE-2026-2945
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in JeecgBoot 3.9.0 that allows attackers to make the server send HTTP requests t...

Feb 22, 2026
CVE-2026-2654
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in huggingface smolagents 1.24.0. Attackers can exploit the LocalPythonExecutor ...

Feb 18, 2026
CVE-2026-2558
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in GeekAI versions up to 4.2.4. Attackers can manipulate the 'url' parameter in ...

Feb 16, 2026
CVE-2026-2532
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in lintsinghua DeepAudit versions up to 3.0.3. Attackers can exploit this vulner...

Feb 16, 2026
CVE-2026-1062
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in xiweicheng TMS up to version 2.28.0. Attackers can manipulate URL parameters ...

Jan 17, 2026
CVE-2025-15373
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in EyouCMS versions up to 1.7.7. Attackers can exploit the saveRemote function i...

Dec 31, 2025
CVE-2025-15098
6.3

This CVE describes a server-side request forgery (SSRF) vulnerability in YunaiV yudao-cloud's Business Process Management component. Attackers can man...

Dec 26, 2025
CVE-2025-67743
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Local Deep Research's download service. Attackers can submit malicious URLs t...

Dec 23, 2025
CVE-2025-14518
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in PowerJob's network request handler. Attackers can manipulate targetIp/targetP...

Dec 11, 2025
CVE-2025-14516
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Yalantis uCrop Android library version 2.2.11. The vulnerability allows a...

Dec 11, 2025
CVE-2025-13809
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in orionsec's orion-ops software. Attackers can manipulate SSH connection parame...

Dec 1, 2025
CVE-2025-13796
6.3

This Server-Side Request Forgery (SSRF) vulnerability in deco-cx apps allows attackers to manipulate the AnalyticsScript function's URL parameter, for...

Dec 1, 2025
CVE-2025-13789
6.3

This CVE describes a server-side request forgery (SSRF) vulnerability in ZenTao's AI module. Attackers can exploit the makeRequest function in module/...

Nov 30, 2025
CVE-2025-13588
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in lKinderBueno Streamity Xtream IPTV Player versions up to 2.8. Attackers can e...

Nov 24, 2025
CVE-2025-13174
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the WeRSS we-mp-rss Webhook module. Attackers can manipulate the web_hook_url...

Nov 14, 2025
CVE-2025-10764
6.3

This vulnerability in SeriaWei ZKEACMS allows attackers to perform server-side request forgery (SSRF) attacks by manipulating the Data argument in the...

Sep 21, 2025
CVE-2025-10760
6.3

This CVE describes a server-side request forgery (SSRF) vulnerability in Harness 3.3.0 that allows attackers to manipulate URL parameters in the Looku...

Sep 21, 2025
CVE-2025-10410
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in SourceCodester Link Status Checker 1.0 where manipulation of the 'proxy' para...

Sep 14, 2025
CVE-2025-10391
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in CRMEB versions up to 5.6.1. Attackers can manipulate the push_token_url param...

Sep 14, 2025
CVE-2025-10329
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in cdevroe unmark up to version 1.9.3. Attackers can manipulate the 'url' parame...

Sep 12, 2025
CVE-2025-10211
6.3

This is a Server-Side Request Forgery (SSRF) vulnerability in ChanCMS 3.3.0 that allows attackers to manipulate the taskUrl parameter to make the serv...

Sep 10, 2025
CVE-2025-10096
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in SimStudioAI sim software up to version 1.0.0. Attackers can manipulate the fi...

Sep 8, 2025
CVE-2025-57818
6.3

Authenticated users of Firecrawl could exploit a server-side request forgery (SSRF) vulnerability in the webhook functionality to send POST requests w...

Aug 26, 2025
CVE-2025-9395
6.3

This vulnerability in wangsongyan wblog 0.0.1 allows remote attackers to perform server-side request forgery (SSRF) attacks through the RestorePost fu...

Aug 24, 2025
CVE-2024-39954
6.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the eventmesh-runtime module's WebhookUtil.java component. Attackers can expl...

Aug 20, 2025
CVE-2025-8529
6.3

This critical vulnerability in cloudfavorites favorites-web allows attackers to perform server-side request forgery (SSRF) attacks by manipulating the...

Aug 4, 2025
CVE-2025-8527
6.3

This critical vulnerability in Exrick xboot allows remote attackers to perform server-side request forgery (SSRF) attacks by manipulating the loginUrl...

Aug 4, 2025
CVE-2025-8228
6.3

This critical vulnerability in ChanCMS allows attackers to perform server-side request forgery (SSRF) by manipulating the targetUrl parameter in the g...

Jul 27, 2025
CVE-2025-7787
6.3

This critical Server-Side Request Forgery (SSRF) vulnerability in Xuxueli xxl-job allows attackers to make unauthorized requests from the vulnerable s...

Jul 18, 2025
CVE-2025-7759
6.3

CVE-2025-7759 is a Server-Side Request Forgery (SSRF) vulnerability in thinkgem JeeSite's UEditor image grabber component. Attackers can manipula...

Jul 17, 2025
CVE-2025-7103
6.3

This critical Server-Side Request Forgery (SSRF) vulnerability in BoyunCMS allows attackers to make unauthorized requests from the vulnerable server t...

Jul 7, 2025
CVE-2025-6762
6.3

This critical vulnerability in diyhi bbs allows remote attackers to perform server-side request forgery (SSRF) by manipulating the Host header in the ...

Jun 27, 2025
CVE-2025-6517
6.3

This critical Server-Side Request Forgery (SSRF) vulnerability in Dromara MaxKey allows attackers to manipulate the Meta URL Handler to make unauthori...

Jun 23, 2025
CVE-2025-6142
6.3

This critical vulnerability in Intera InHire allows remote attackers to perform server-side request forgery (SSRF) by manipulating the '29chcotoo9' pa...

Jun 16, 2025
CVE-2025-5510
6.3

This critical SSRF vulnerability in quequnlong shiyi-blog allows attackers to make the server send unauthorized requests to internal or external syste...

Jun 3, 2025
CVE-2025-5327
6.3

This critical SSRF vulnerability in chshcms mccms 2.7 allows attackers to manipulate the 'pic' parameter to make the server send unauthorized requests...

May 29, 2025
CVE-2025-3412
6.3

This critical vulnerability in mymagicpower AIAS allows attackers to perform Server-Side Request Forgery (SSRF) by manipulating the 'url' parameter in...

Apr 8, 2025
CVE-2025-3254
6.3

This critical vulnerability in xujiangfei admintwo 1.0 allows remote attackers to perform server-side request forgery (SSRF) attacks by manipulating t...

Apr 4, 2025
CVE-2025-2997
6.3

This critical vulnerability in Youkefu 4.2.0 allows remote attackers to perform server-side request forgery (SSRF) attacks by manipulating the 'url' p...

Mar 31, 2025
CVE-2025-28093
6.3

ShopXO v6.4.0 contains a Server-Side Request Forgery (SSRF) vulnerability in its email settings functionality. This allows authenticated attackers to ...

Mar 28, 2025

About Server-Side Request Forgery (SSRF) (CWE-918)

Our database tracks 810 CVEs classified as CWE-918, with 169 rated critical and 306 rated high severity. The average CVSS score for Server-Side Request Forgery (SSRF) vulnerabilities is 7.2.