CWE-918: Server-Side Request Forgery (SSRF)

This critical SSRF vulnerability in chshcms mccms 2.7 allows attackers to manipulate the 'pic' parameter to make the server send unauthorized requests...

This critical vulnerability in mymagicpower AIAS allows attackers to perform Server-Side Request Forgery (SSRF) by manipulating the 'url' parameter in...

This critical vulnerability in xujiangfei admintwo 1.0 allows remote attackers to perform server-side request forgery (SSRF) attacks by manipulating t...

This critical vulnerability in Youkefu 4.2.0 allows remote attackers to perform server-side request forgery (SSRF) attacks by manipulating the 'url' p...

ShopXO v6.4.0 contains a Server-Side Request Forgery (SSRF) vulnerability in its email settings functionality. This allows authenticated attackers to ...

This critical vulnerability in zj1983 zz software allows attackers to perform Server-Side Request Forgery (SSRF) attacks by manipulating the 'url' par...

This critical SSRF vulnerability in zj1983 zz software allows attackers to manipulate the 'url' parameter in the sendNotice function to make the serve...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in YouDianCMS 7 that allows attackers to manipulate the curl_exec function to ma...

This CVE describes a critical Server-Side Request Forgery (SSRF) vulnerability in OTCMS 6.72. Attackers can exploit the UseCurl function in /admin/inf...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Adobe ColdFusion that allows high-privilege authenticated attackers to force ...

This vulnerability in lucy-xss-filter allows attackers to trigger server-side HEAD requests to arbitrary URLs when specific security listeners are ena...

WeKnora versions before 0.2.12 have an SSRF vulnerability in the 'Import document via URL' feature that allows attackers to bypass URL validation thro...

This vulnerability allows unauthenticated attackers to register FASP accounts with attacker-controlled base URLs that point to internal systems, forci...

The WP Crontrol WordPress plugin versions 1.17.0 to 1.19.1 contain a blind Server-Side Request Forgery (SSRF) vulnerability that allows authenticated ...

Mailpit versions before 1.29.2 contain a Server-Side Request Forgery (SSRF) vulnerability in the Link Check API that allows attackers to make the serv...

DoraCMS versions 3.1 and earlier contain a server-side request forgery (SSRF) vulnerability in the UEditor remote image fetch feature. This allows att...

CVE-2026-25765 is a Server-Side Request Forgery (SSRF) vulnerability in Faraday HTTP client library versions before 2.14.1. Attackers can exploit prot...

The LangSmith SDK distributed tracing feature is vulnerable to Server-Side Request Forgery (SSRF) via malicious HTTP headers. Attackers can inject arb...

CVE-2026-25904 is a Server-Side Request Forgery (SSRF) vulnerability in Pydantic-AI MCP Run Python tool's Deno sandbox configuration. The overly permi...

Mailpit versions before 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) through the HTML Check feature. When analyzing HTML emails, the sy...

CVE-2026-22772 is a server-side request forgery (SSRF) vulnerability in Fulcio's MetaIssuer URL validation. Attackers can bypass validation using unan...

Mailpit versions 1.28.0 and below have a Server-Side Request Forgery (SSRF) vulnerability in the /proxy endpoint that allows attackers to make HTTP GE...

A half-blind SSRF vulnerability in kube-controller-manager's Portworx StorageClass allows authorized Kubernetes users to access unprotected endpoints ...

This vulnerability allows unauthenticated attackers to perform blind server-side request forgery (SSRF) attacks through the Feedzy RSS Aggregator Word...

The WP Migrate Lite plugin for WordPress has a blind SSRF vulnerability that allows unauthenticated attackers to make arbitrary web requests from the ...

An unauthenticated SSRF vulnerability in Halo CMS 2.21 allows attackers to make the server send HTTP requests to arbitrary URLs, including internal ne...

An unauthenticated server-side request forgery vulnerability in MedDream PACS Premium allows attackers to make arbitrary HTTP requests from the vulner...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Akamai CloudTest. It allows attackers to make unauthorized requests from the ...

This vulnerability in MLflow's gateway_proxy_handler allows attackers to bypass path validation, potentially leading to server-side request forgery (S...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated attackers to make the server send requests to internal...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the worldquant-miner software up to version 1.0.9. Attackers can exploit this...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Tomofun Furbo 360 and Furbo Mini pet cameras via their GATT Interface URL Han...

This CVE describes a server-side request forgery (SSRF) vulnerability in Tomofun Furbo 360 pet cameras up to firmware version FB0035_FW_036. Attackers...

This CVE describes a server-side request forgery (SSRF) vulnerability in the Orbit Fox WordPress plugin. Attackers can force the WordPress server to m...

This Server-Side Request Forgery (SSRF) vulnerability in the kodeshpa Simplified WordPress plugin allows attackers to make the vulnerable server send ...

This Server-Side Request Forgery vulnerability in the Featured Image Plus WordPress plugin allows authenticated administrators to make arbitrary web r...

This SSRF vulnerability in Ivanti Connect Secure and Policy Secure allows authenticated administrators to make requests to internal network services f...

This vulnerability in GeoServer allows attackers to upload arbitrary files via the Coverage REST API without proper URL validation. Attackers can expl...

The Ninja Forms Webhooks plugin for WordPress has a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated administrators to make ...

This Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows attackers to make unauthorized requests from the vulnerab...

MrDoc v0.95 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in the validate_url function that allows attackers to make unautho...

The Gravity Forms WebHooks plugin for WordPress has a Server-Side Request Forgery vulnerability that allows authenticated administrators to make arbit...

This vulnerability allows authenticated WordPress administrators to perform Server-Side Request Forgery (SSRF) attacks through the Uncanny Automator p...

This is a Server-Side Request Forgery (SSRF) vulnerability in ShopXO's Uploader.php component. Attackers can manipulate the 'source' parameter to make...

IBM Concert versions 1.0.0 through 2.1.0 contain a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to make unauth...

This vulnerability allows authenticated GitLab users with specific permissions to make unauthorized requests to internal network services through the ...

The Fluent Forms Pro Add On Pack plugin for WordPress has a Server-Side Request Forgery vulnerability that allows authenticated users with Subscriber-...

This Server-Side Request Forgery (SSRF) vulnerability in the Grand Blog WordPress theme allows attackers to make the vulnerable server send unauthoriz...

This Server-Side Request Forgery (SSRF) vulnerability in the PhotoMe WordPress theme allows attackers to make unauthorized requests from the vulnerabl...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Electrician - Electrical Service WordPress theme. Attackers can exploit t...