CWE-918: Server-Side Request Forgery (SSRF)

Lobe Chat versions before 1.19.13 have an unauthenticated SSRF vulnerability that allows attackers to send malicious requests to internal network serv...

CVE-2024-48178 is a Server-Side Request Forgery (SSRF) vulnerability in newbee-mall v1.0.0 that allows attackers to make the server send unauthorized ...

This vulnerability in PrestaShop allows remote code execution through the module upgrade functionality. It affects PrestaShop versions 8.1.7 and earli...

The ip package through version 2.0.1 for Node.js improperly categorizes certain IP address formats (like 127.1, 01200034567, and IPv6 variations) as g...

Tencent Blueking CMDB versions 3.2.x to 3.9.x contain a Server-Side Request Forgery (SSRF) vulnerability in the event subscription function. Attackers...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in LangChain's RecursiveUrlLoader where an attacker controlling the initial craw...

This CVE describes a server-side request forgery (SSRF) vulnerability in Sharp Energy Management Controllers. An unauthenticated attacker on the same ...

FoodCoopShop versions 3.2.0 through 3.6.0 contain a server-side request forgery (SSRF) vulnerability in the Network module. Manufacturer accounts can ...

This Server-Side Request Forgery vulnerability in Broadcom's Advanced Secure Gateway and Content Analysis allows attackers to make the vulnerable serv...

This Server-Side Request Forgery (SSRF) vulnerability in MicroStrategy Web SDK allows remote unauthenticated attackers to make the server send HTTP re...

CVE-2021-39057 is a server-side request forgery (SSRF) vulnerability in IBM Spectrum Protect Plus that allows authenticated attackers to make unauthor...

CVE-2021-33705 is a Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Portal's Iviews Editor component that allows unauthenticated att...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Schneider Electric EVlink electric vehicle charging stations. An attacker can...

CVE-2021-31216 is a server-side request forgery (SSRF) vulnerability in Siren Investigate's built-in image proxy route that allows authenticated attac...

Dell UCC Edge version 2.3.0 contains a blind Server-Side Request Forgery (SSRF) vulnerability in the Add Customer SFTP Server functionality. Unauthent...

This Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira allows attackers to read arbitrary files on the server by upload...

Plane project management tool versions before 1.2.2 contain a Full Read SSRF vulnerability in the 'Add Link' feature. Authenticated users can send arb...

Wallos versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the logo/icon upload functionality. Attackers can bypass...

CVE-2026-25991 is a Blind Server-Side Request Forgery (SSRF) vulnerability in Tandoor Recipes that allows authenticated users to make the server conne...

This CVE describes a server-side request forgery (SSRF) vulnerability in Chainlit versions before 2.9.4 when using the SQLAlchemy data layer backend. ...

Emlog versions up to 2.5.19 are vulnerable to server-side request forgery (SSRF) via malicious SVG file uploads. Attackers can upload crafted SVG file...

A Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server versions 2023.3 through 2023.3.5 allows attackers to bypass authentica...

Invoice Ninja versions 5.8.56 through 5.11.23 contain an authenticated Server-Side Request Forgery (SSRF) vulnerability that allows authenticated user...

Adobe Commerce versions 3.2.5 and earlier contain a Server-Side Request Forgery (SSRF) vulnerability that allows low-privileged attackers to send craf...

A server-side request forgery (SSRF) vulnerability in GitLab EE allows attackers to make requests to internal resources via a custom Maven Dependency ...

This vulnerability in SuiteCRM allows attackers to perform server-side request forgery (SSRF) attacks through the connectors file verification feature...

This Server-Side Request Forgery (SSRF) vulnerability in langchain's Web Research Retriever allows attackers to make the server send requests to inter...

This Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks allows attackers to make unauthorized requests from the WordPress...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Misskey's 'Upload from URL' and remote attachment features. Attackers can exp...

This vulnerability allows authenticated users in Baserow to perform Server-Side Request Forgery (SSRF) attacks via URL file upload functionality. Atta...

This CVE describes a server-side request forgery (SSRF) vulnerability in MinIO object storage software. Attackers can manipulate URL parameters to mak...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Discourse's FinalDestination component where hostname validation can be bypas...

This vulnerability in NVIDIA NeMo Agent Toolkit UI for Web allows attackers to perform Server-Side Request Forgery (SSRF) through the chat API endpoin...

This SSRF vulnerability in ABB ASPECT, NEXUS, and MATRIX series allows attackers to make unauthorized requests from the server to internal systems whe...

This vulnerability in MyBB 1.8.38 allows remote attackers to obtain sensitive information through the Import a Theme function, potentially via Server-...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in MyBB 1.8.38's Mail function that could allow attackers to access internal net...

This vulnerability in a-blogcms 3.1.15 allows remote attackers to access sensitive information through the /bid/1/admin/entry-edit/ path. It affects a...

This vulnerability in Seo Panel 4.11.0 allows remote attackers to access sensitive information through the Mail Setting component. The issue enables u...

This Server-Side Request Forgery (SSRF) vulnerability in the Product Import Export for WooCommerce plugin allows authenticated WordPress administrator...

This Server-Side Request Forgery vulnerability in the Export and Import Users and Customers WordPress plugin allows authenticated administrators to ma...

This vulnerability allows authenticated WordPress administrators to perform Server-Side Request Forgery (SSRF) attacks through the Order Export & Orde...

The WP All Import Pro WordPress plugin has a Server-Side Request Forgery vulnerability that allows authenticated attackers with Administrator privileg...

A Server-Side Request Forgery vulnerability in GitHub Enterprise Server allows authenticated site administrators to execute arbitrary code on the serv...

This Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center allows attackers to send specially crafted requests that tr...

This vulnerability in Shopware's Flow Builder allows attackers to bypass URL validation in webhook actions, enabling Server-Side Request Forgery (SSRF...

CVE-2022-24789 is a Server-Side Request Forgery (SSRF) vulnerability in C1 CMS that allows authenticated users to make arbitrary GET requests to inter...

CVE-2021-31950 is a server-side request forgery (SSRF) vulnerability in Microsoft SharePoint Server that allows authenticated attackers to send crafte...

CVE-2026-27730 is a Server-Side Request Forgery (SSRF) vulnerability in esm.sh's fetch route that allows attackers to bypass hostname-based validation...

OpenClaw's SSRF protection could be bypassed using IPv4-mapped IPv6 addresses, allowing attackers to access restricted internal resources like localho...

CVE-2026-24138 is an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in FOG Project's getversion.php. Attackers can exploit this by s...