CWE-918: Server-Side Request Forgery (SSRF)

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Electrician - Electrical Service WordPress theme. Attackers can exploit t...

This Server-Side Request Forgery (SSRF) vulnerability in Microsoft Office SharePoint allows authenticated attackers to make the server send requests t...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the WordPress & WooCommerce Scraper Plugin, Import Data from Any Site. It all...

This Server-Side Request Forgery (SSRF) vulnerability in the LMPixels Kerge WordPress theme allows attackers to make unauthorized requests from the vu...

The Responsive Lightbox & Gallery WordPress plugin has a Server-Side Request Forgery vulnerability that allows authenticated attackers with Author-lev...

IBM Concert versions 1.0.0 through 2.0.0 contain a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to make unauth...

This Server-Side Request Forgery (SSRF) vulnerability in Silencesoft RSS Reader allows attackers to make the vulnerable server send unauthorized reque...

This Server-Side Request Forgery (SSRF) vulnerability in BdThemes ZoloBlocks WordPress plugin allows attackers to make the vulnerable server send unau...

The Snow Monkey WordPress theme contains a Server-Side Request Forgery (SSRF) vulnerability that allows unauthenticated attackers to make arbitrary we...

This Server-Side Request Forgery (SSRF) vulnerability in the DriCub WordPress theme allows attackers to make unauthorized requests from the vulnerable...

This Server-Side Request Forgery (SSRF) vulnerability in the Exit Intent Popup WordPress plugin allows attackers to make unauthorized requests from th...

IBM Edge Application Manager 4.5 contains a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to make unauthorized ...

Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated users to make the server send requests...

This Server-Side Request Forgery (SSRF) vulnerability in Md Yeasin Ul Haider URL Shortener allows attackers to make the vulnerable server send unautho...

Keyoti SearchUnit versions before 9.0.0 are vulnerable to Server-Side Request Forgery (SSRF) in two specific endpoints. Attackers can force the server...

This Server-Side Request Forgery (SSRF) vulnerability in the Wbcom Designs Activity Link Preview For BuddyPress WordPress plugin allows attackers to m...

This SSRF vulnerability in the Photography WordPress theme allows attackers to make the server send unauthorized requests to internal systems. It affe...

OneNav 1.1.0 contains a Server-Side Request Forgery (SSRF) vulnerability in custom headers functionality. This allows attackers to make unauthorized r...

This vulnerability in the Responsive Plus WordPress plugin allows authenticated attackers with contributor-level access or higher to perform Server-Si...

IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 contain a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to ...

This Server-Side Request Forgery (SSRF) vulnerability in the Traveler Layout Essential For Elementor WordPress plugin allows attackers to make unautho...

The Multiple Page Generator Plugin (MPG) for WordPress versions up to 4.0.5 contains a Server-Side Request Forgery (SSRF) vulnerability in the 'mpg_do...

This Server-Side Request Forgery (SSRF) vulnerability in the Pixelcurve Edubin WordPress theme allows attackers to make unauthorized requests from the...

Canarytokens.org had a blind Server-Side Request Forgery (SSRF) vulnerability in its webhook alert feature that allowed attackers to map internal netw...

This SSRF vulnerability in Fluid Topics allows authenticated users to force the server to make arbitrary HTTP requests to internal and external resour...

This CVE describes a server-side request forgery (SSRF) vulnerability in IBM Datacap Navigator versions 9.1.5 through 9.1.9. An authenticated attacker...

This SSRF vulnerability in WhatsUp Gold allows authenticated users to make unauthorized HTTP requests through the HTTP Monitoring functionality. Attac...

Homarr dashboard versions before 1.54.0 contain an unauthenticated Server-Side Request Forgery (SSRF) vulnerability that allows attackers to force the...

Chamilo LMS versions before 1.11.28 contain an unauthenticated blind Server-Side Request Forgery (SSRF) vulnerability in the OpenId function. This all...

This Server-Side Request Forgery (SSRF) vulnerability in OpenText XM Fax allows attackers to make the vulnerable server send requests to internal syst...

This vulnerability in Homarr dashboard allows unauthenticated attackers to trigger server-side requests to arbitrary URLs via a public tRPC endpoint. ...

This Server-Side Request Forgery (SSRF) vulnerability in the Prince Radio Player WordPress plugin allows attackers to make unauthorized requests from ...

CVE-2026-24117 is a Server-Side Request Forgery (SSRF) vulnerability in Rekor's /api/v1/index/retrieve endpoint that allows attackers to trigger GET r...

The Nu Html Checker (validator.nu) contains a server-side request forgery (SSRF) vulnerability that allows attackers to bypass hostname-based protecti...

CVE-2021-47776 is a server-side request forgery (SSRF) vulnerability in Umbraco CMS that allows attackers to manipulate baseUrl parameters in dashboar...

CVE-2021-47715 is a server-side request forgery vulnerability in Hasura GraphQL Engine that allows attackers to inject malicious remote schema URLs th...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer that allows attackers to make unauthorized requests ...

ThinkDashboard versions 0.6.7 and below contain a blind SSRF vulnerability in the /api/ping?url= endpoint that allows attackers to make arbitrary HTTP...

This vulnerability allows unauthenticated attackers to perform Blind Server-Side Request Forgery (SSRF) attacks against WordPress sites using the MxCh...

CVE-2025-62612 is a Server-Side Request Forgery (SSRF) vulnerability in FastGPT's workflow file reading node that allows attackers to make unauthorize...

This Server-Side Request Forgery (SSRF) vulnerability in the captcha.eu WordPress plugin allows attackers to make the server send unauthorized request...

CVE-2025-10695 is a Server-Side Request Forgery (SSRF) vulnerability in OpenSupports that allows unauthenticated attackers to make arbitrary network r...

Dify v1.6.0 contains a Server-Side Request Forgery (SSRF) vulnerability in the RemoteFileUploadApi component that allows attackers to make unauthorize...

O'View MapServer developed by PilotGaea Technologies has a Server-Side Request Forgery (SSRF) vulnerability that allows unauthenticated remote attacke...

This SSRF vulnerability in Salesforce Tableau Server allows attackers to make the server send requests to internal resources, potentially accessing se...

Applio voice conversion tool versions 3.2.7 and earlier contain server-side request forgery (SSRF) and arbitrary file write vulnerabilities in model_d...

Applio versions 3.2.7 and earlier contain a server-side request forgery (SSRF) vulnerability in model_download.py that allows attackers to send reques...

The Starter Templates by FancyWP WordPress plugin has a blind SSRF vulnerability that allows unauthenticated attackers to make arbitrary HTTP requests...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration's RSS feed parser. It allows attackers to redirect reque...

Imgproxy fails to block the 0.0.0.0 address even when loopback source addresses are restricted, allowing attackers to potentially access services on t...