CWE-918: Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
All Server-Side Request Forgery (SSRF) CVEs (803)
This CVE-2025-59088 vulnerability in kdcproxy allows attackers to perform server-side request forgery (SSRF) by sending requests for realms without de... (Nov 12, 2025)
The Ditty WordPress plugin before version 3.1.58 has an authentication bypass vulnerability in its displayItems endpoint. This allows unauthenticated ... (Sep 8, 2025)
This Server-Side Request Forgery (SSRF) vulnerability in Pik Online allows attackers to make unauthorized requests from the vulnerable server to inter... (Aug 20, 2025)
CVE-2025-55161 is a Server-Side Request Forgery (SSRF) vulnerability in Stirling-PDF's Markdown-to-PDF conversion endpoint. Attackers can bypass secur... (Aug 11, 2025)
CVE-2025-55150 is a Server-Side Request Forgery (SSRF) vulnerability in Stirling-PDF's HTML-to-PDF conversion endpoint. Attackers can bypass security ... (Aug 11, 2025)
This CVE describes a pre-authentication blind Server-Side Request Forgery (SSRF) vulnerability in Liferay Portal and DXP. Attackers can force vulnerab... (Aug 9, 2025)
This Server-Side Request Forgery (SSRF) vulnerability in Eveo URVE Web Manager allows attackers to make the application server send requests to intern... (Jul 21, 2025)
Octo-STS versions before v0.5.3 are vulnerable to unauthenticated server-side request forgery (SSRF) via malicious OpenID Connect tokens. Attackers ca... (Jun 26, 2025)
This CVE describes a server-side request forgery (SSRF) vulnerability in a-blog CMS that allows remote unauthenticated attackers to make the server se... (May 19, 2025)
This is a Server-Side Request Forgery (SSRF) vulnerability in Hitachi Vantara Pentaho Business Analytics Server where the server doesn't validate the ... (Feb 19, 2025)
Label Studio versions before 1.16.0 contain a Server-Side Request Forgery (SSRF) vulnerability in the S3 storage integration feature. Attackers can ex... (Feb 14, 2025)
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Nuxt Icon's API endpoint. Attackers can manipulate the proxied request path t... (Aug 5, 2024)
This Server-Side Request Forgery (SSRF) vulnerability in Rocket.Chat's Twilio webhook endpoint allows attackers to make unauthorized requests to inter... (Aug 5, 2024)
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Strapi v4.24.4 that allows attackers to make unauthorized requests from the s... (Jun 20, 2024)
A Server-Side Request Forgery (SSRF) vulnerability in gradio-app/gradio version 4.21.0 allows attackers to make unauthorized HTTP requests from the vu... (Jun 6, 2024)
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0 that allows remote unauthenticated attackers to make the server ... (Apr 2, 2024)
CVE-2023-46236 is a server-side request forgery (SSRF) vulnerability in FOG Project that allows unauthenticated attackers to make arbitrary GET reques... (Oct 31, 2023)
This vulnerability in GeoServer's OGC Web Processing Service (WPS) allows Server-Side Request Forgery (SSRF), enabling attackers to make unauthorized ... (Oct 25, 2023)
This CVE allows attackers to perform Server-Side Request Forgery (SSRF) attacks against GeoServer instances with dynamic styling enabled but without U... (Oct 25, 2023)
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Plane project management software. Attackers with workspace ADMIN privileges ... (Mar 6, 2026)
This Server-Side Request Forgery (SSRF) vulnerability in SillyTavern allows authenticated users to make arbitrary HTTP requests from the server and re... (Feb 19, 2026)
Open WebUI versions before 0.6.37 contain a Server-Side Request Forgery (SSRF) vulnerability that allows any authenticated user to make the server sen... (Dec 4, 2025)
This CVE describes a Server-Side Request Forgery (SSRF) bypass vulnerability in New API (an LLM gateway and AI asset management system). Attackers can... (Nov 25, 2025)
An authenticated Server-Side Request Forgery (SSRF) vulnerability in New API versions before 0.9.0.5 allows authenticated users to make the server sen... (Oct 9, 2025)
This vulnerability allows authenticated users in GitLab to inject crafted sequences that bypass proxy environment restrictions, enabling unintended in... (Sep 12, 2025)
The Modern Events Calendar WordPress plugin contains a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated attackers with Subsc... (Aug 7, 2024)
An authenticated attacker can bypass SSRF protection in Microsoft Copilot Studio to make unauthorized requests to internal network resources, potentia... (Aug 6, 2024)
This vulnerability in Pi-hole allows authenticated users to make internal requests to the server via the gravity_DownloadBlocklistFromUrl() function, ... (Jul 5, 2024)
The ElementsKit PRO WordPress plugin versions up to 3.6.2 contain a Server-Side Request Forgery (SSRF) vulnerability in the 'render_raw' function. Thi... (Jun 14, 2024)
The MemberPress WordPress plugin contains a blind server-side request forgery (SSRF) vulnerability that allows authenticated attackers with Contributo... (May 22, 2024)
This vulnerability in the Kadence Blocks WordPress plugin allows authenticated attackers with contributor-level access or higher to perform Server-Sid... (Apr 9, 2024)
Pega Platform versions 8.2.1 through 23.1.0 contain a server-side request forgery (SSRF) vulnerability in the PDF generation functionality. This allow... (Jan 31, 2024)
OpenClaw versions before 2026.2.14 contain a server-side request forgery vulnerability in the Tlon Urbit extension. Attackers who can influence the co... (Mar 5, 2026)
This SSRF vulnerability in vanna-ai/vanna with DuckDB allows attackers to execute crafted SQL queries that abuse DuckDB's file reading functions to ma... (Mar 20, 2025)
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in PostHog's database_schema method that allows authenticated attackers to make ... (Nov 22, 2024)
The Mapplic and Mapplic Lite WordPress plugins contain a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to make requests from ... (Oct 16, 2024)
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in cBioPortal's proxy endpoint. Unauthenticated attackers can exploit publicly e... (Jul 23, 2024)
CVE-2020-24139 is a server-side request forgery (SSRF) vulnerability in Wcms 0.3.2 that allows attackers to make arbitrary HTTP requests from the vuln... (Apr 7, 2021)
CVE-2025-68696 is a Server-Side Request Forgery (SSRF) vulnerability in the httparty Ruby gem that allows attackers to make unauthorized requests to i... (Dec 23, 2025)
The ssrfcheck package versions before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete IP address denylist that fails t... (Jul 28, 2025)
The private-ip npm package is vulnerable to Server-Side Request Forgery (SSRF) because it fails to properly validate multicast IP addresses (224.0.0.0... (Jul 23, 2025)
This SSRF vulnerability in spatie/browsershot allows attackers to make the server request internal network resources, potentially exposing localhost d... (Apr 4, 2025)
This SSRF vulnerability in nossrf versions before 1.0.4 allows attackers to bypass protection mechanisms by providing hostnames that resolve to local ... (Mar 23, 2025)
This vulnerability allows Server-Side Request Forgery (SSRF) attacks against GitLab Enterprise Edition instances with Product Analytics Dashboard enab... (Oct 10, 2024)
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins and themes. It allows attackers to make una... (Jan 19, 2024)
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Fides privacy engineering platform. Attackers can upload malicious YAML f... (Oct 25, 2023)
CVE-2023-41054 is a Server-Side Request Forgery (SSRF) vulnerability in LibreY's image_proxy.php that allows attackers to use the server as a proxy to... (Sep 4, 2023)
This Server-Side Request Forgery (SSRF) vulnerability in the Scout application allows attackers to make the server send arbitrary HTTP requests to int... (May 5, 2022)
This SSRF vulnerability in the Shibboleth Identity Provider OIDC OP plugin allows attackers to make arbitrary HTTP requests to third-party services by... (Feb 4, 2022)
AutoGPT versions prior to beta-v0.4.2 contain a server-side request forgery (SSRF) vulnerability in the 'Send Web Request' component that fails to fil... (Mar 10, 2025)
About Server-Side Request Forgery (SSRF) (CWE-918)
Our database tracks 803 CVEs classified as CWE-918, with 165 rated critical and 305 rated high severity. The average CVSS score for Server-Side Request Forgery (SSRF) vulnerabilities is 7.2.
External reference: View CWE-918 on MITRE CWE →