CWE-918: Server-Side Request Forgery (SSRF)

This SSRF vulnerability in lunary-ai/lunary allows attackers to make unauthorized server-side requests to internal or external resources by exploiting...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache CXF's Aegis DataBinding component. It allows attackers to make unautho...

This vulnerability in sentry-javascript's Next.js SDK tunnel endpoint allows attackers to send HTTP requests to arbitrary URLs and reflect responses b...

SoftVision webPDF versions before 10.0.2 contain a Server-Side Request Forgery (SSRF) vulnerability in the PDF converter function. Attackers can uploa...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Squidex's webhook functionality that allows attackers to make the server send...

This SSRF vulnerability in wbolt.com IMGspider WordPress plugin allows attackers to make the server send unauthorized requests to internal or external...

This SSRF vulnerability in the Pool Services WordPress theme allows attackers to make unauthorized requests from the vulnerable server to internal or ...

This SSRF vulnerability in the nK Themes Helper WordPress plugin allows attackers to make the vulnerable server send unauthorized requests to internal...

LibreChat version 0.8.1-rc2 has a server-side request forgery (SSRF) vulnerability in its Actions feature that allows attackers to make unauthorized r...

CVE-2024-25181 is a critical vulnerability in givanz VvvebJs 1.7.2 that allows attackers to perform Server-Side Request Forgery (SSRF) and read arbitr...

This Server-Side Request Forgery (SSRF) vulnerability in the Link Library WordPress plugin allows attackers to make unauthorized requests from the vul...

This SSRF vulnerability in the bdthemes Prime Slider WordPress plugin allows attackers to make unauthorized requests from the vulnerable server to int...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the 6Storage Rentals WordPress plugin. Attackers can exploit this to make the...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Grav CMS versions before 1.7.49.5. Attackers can exploit Twig template proces...

This vulnerability allows attackers to perform blind Server-Side Request Forgery (SSRF) attacks through the survey-import feature of ObjectPlanet Opin...

PublicCMS V5.202506.b contains a Server-Side Request Forgery (SSRF) vulnerability in the chat interface of SimpleAiAdminController. This allows attack...

Soft Serve versions before 0.11.1 have a server-side request forgery (SSRF) vulnerability where repository administrators can create webhooks that tar...

This SSRF vulnerability in ThingsBoard allows attackers to upload malicious SVG files that trigger outbound requests from the server. Attackers can ex...

This SSRF vulnerability in halo allows attackers to make the server send arbitrary HTTP requests to internal systems. Attackers can potentially access...

This Server-Side Request Forgery (SSRF) vulnerability in the UISP Application allows authenticated attackers to make unauthorized requests to internal...

This SSRF vulnerability in makeplane plane 0.23.1 allows attackers to make unauthorized requests from the server via the password recovery feature. At...

This SSRF vulnerability in PHProxy allows attackers to bypass URL validation and make unauthorized requests to internal systems. Remote unauthenticate...

A Server-Side Request Forgery (SSRF) vulnerability in the @opennextjs/cloudflare package allows unauthenticated attackers to proxy arbitrary remote co...

This vulnerability in WordPress allows administrators to make arbitrary GET requests to any URL through the 'wp_ajax_boost_proxy_ig' action. It enable...

This Server-Side Request Forgery (SSRF) vulnerability in Microsoft Power Apps allows attackers to make unauthorized requests from the server to intern...

Crawl4AI versions up to 0.4.247 contain a Server-Side Request Forgery (SSRF) vulnerability in the async_dispatcher.py component. This allows attackers...

This SSRF vulnerability in maccms10 allows attackers to make the server send arbitrary HTTP requests to internal or external systems via the 'Add Arti...

This SSRF vulnerability in maccms10 allows attackers to make the server send unauthorized requests to internal systems via the Scheduled Task function...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Edit Service Page of Apache Ranger UI. Attackers can exploit this to make...

CVE-2024-54819 is a Server-Side Request Forgery (SSRF) vulnerability in I, Librarian versions up to 5.11.1 that allows attackers to make the server se...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Adobe Document Service that allows authenticated administrators to send craft...

This SSRF vulnerability in Hopetree iZone LTS allows attackers to make the server send unauthorized requests to internal systems. It affects systems r...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache CXF's WADL service description. It allows attackers to make unauthoriz...

LyLme_spage v1.9.5 contains a Server-Side Request Forgery (SSRF) vulnerability in the get_head function that allows attackers to make arbitrary HTTP r...

This vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks by exploiting improper input validation in a...

A Server-Side Request Forgery (SSRF) vulnerability in VuFind's /Upgrade/FixConfig route allows attackers to overwrite local configuration files. This ...

Plane project management tool versions before 0.17-dev have a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to make arbitrary...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in REBUILD v3.5 that allows remote attackers to make unauthorized requests from ...

This vulnerability allows attackers to perform server-side request forgery (SSRF) in Whoogle Search, enabling them to make unauthorized GET requests t...

This vulnerability in Whoogle Search allows attackers to perform server-side request forgery (SSRF) by exploiting unsanitized user input in the 'windo...

This is a path injection vulnerability in MindsDB that allows attackers to write arbitrary files to the server filesystem and delete zip/tar.gz files....

CVE-2023-48023 is a Server-Side Request Forgery (SSRF) vulnerability in the /log_proxy endpoint of Anyscale Ray versions 2.6.3 and 2.8.0. This allows ...

CVE-2022-42183 is a Server-Side Request Forgery (SSRF) vulnerability in Precisely Spectrum Spatial Analyst 20.01 that allows attackers to make unautho...

This vulnerability allows Server-Side Request Forgery (SSRF) attacks through the whois lookup tool in Best Practical RT for Incident Response (RTIR). ...

This Server-Side Request Forgery (SSRF) vulnerability in nbnbk CMS 3 allows attackers to inject arbitrary URLs into the URL parameter of the getFileBi...

Jizhicms v2.2.5 contains a Server-Side Request Forgery (SSRF) vulnerability in the PluginsController.php Index function. This allows attackers to make...

CVE-2022-31830 is a Server-Side Request Forgery (SSRF) vulnerability in Kity Minder v1.3.5 that allows attackers to make arbitrary HTTP requests from ...

CVE-2022-1379 is a URL restriction bypass vulnerability in PlantUML that allows attackers to bypass security profile restrictions and perform server-s...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Asterisk VoIP software when using STIR/SHAKEN caller ID authentication. Attac...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Calibre-Web, an open-source web application for managing eBook collections. T...