CWE-918: Server-Side Request Forgery (SSRF)

The Librarian contains a server-side request forgery (SSRF) vulnerability that allows attackers to use the web_fetch tool to scan internal network por...

Mastodon's IP address filtering mechanism had incomplete coverage, allowing attackers to bypass protections against local network requests. This enabl...

Cowrie honeypot versions before 2.9.0 contain a server-side request forgery vulnerability in the emulated wget and curl commands. Unauthenticated atta...

A Server-Side Request Forgery (SSRF) vulnerability in markdownify-mcp allows attackers to bypass private IP restrictions using hostname-based bypass t...

fetch-mcp v1.0.2 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to bypass private IP validation mechani...

This SSRF vulnerability in Apache HTTP Server on Windows allows attackers to force the server to make requests to malicious servers, potentially leaki...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Popup Builder WordPress plugin. Unauthenticated attackers can exploit ins...

This vulnerability allows unauthenticated attackers to perform blind server-side request forgery (SSRF) against vulnerable Splunk deployments, potenti...

This Server-Side Request Forgery (SSRF) vulnerability in Flowise version 3.0.5 allows attackers to use the application server as a proxy to access int...

An unauthenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in StorageGRID to change passwords for Grid Manager or Tena...

This SSRF vulnerability in Schneider Electric products allows attackers to send specially crafted documents to vulnerable endpoints, potentially acces...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows that allows attackers to leak NTLM hashes to ma...

CVE-2025-46568 is a Server-Side Request Forgery (SSRF) vulnerability in Stirling-PDF that allows attackers to read arbitrary files on the server throu...

AutoGPT versions before 0.6.1 contain a DNS rebinding vulnerability in the requests wrapper that allows Server-Side Request Forgery (SSRF). Attackers ...

SmartRobot from INTUMIT has an unauthenticated Server-Side Request Forgery vulnerability that allows attackers to make the server send requests to int...

This SSRF vulnerability in LNbits allows attackers to make the server send HTTP requests to internal network resources by manipulating LNURL authentic...

This Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability in OpenEMR allows attackers to force the server to make unauthorized requests to...

This SSRF vulnerability in AutoGPT allows attackers to bypass URL validation and make unauthorized requests to internal systems. It affects AutoGPT ve...

A Server-Side Request Forgery (SSRF) vulnerability in composiohq/composio v0.4.4 allows attackers to read arbitrary files on the system by exploiting ...

ComfyUI v0.2.4 has a Server-Side Request Forgery (SSRF) vulnerability where attackers can combine two REST APIs to make the server fetch unauthorized ...

This SSRF vulnerability in parisneo/lollms-webui allows attackers to make the server send unauthorized HTTP requests to internal or external systems, ...

This SSRF vulnerability in infiniflow/ragflow version 0.12.0 allows attackers to make the server send requests to arbitrary URLs, potentially accessin...

This Server-Side Request Forgery (SSRF) vulnerability in haotian-liu/llava allows attackers to make the server send HTTP requests to arbitrary interna...

A Server-Side Request Forgery (SSRF) vulnerability in lm-sys/fastchat web server allows attackers to make the server send requests to internal resourc...

This vulnerability in haotian-liu/llava version 1.2.0 allows attackers to perform Server-Side Request Forgery (SSRF) through the /run/predict endpoint...

A Server-Side Request Forgery (SSRF) vulnerability in lm-sys/fastchat version 0.2.36 allows attackers to send crafted requests through the /queue/join...

This Server-Side Request Forgery (SSRF) vulnerability in langgenius/dify version 0.9.1 allows attackers to make unauthorized requests to internal netw...

GPT Academic version 3.83 contains a Server-Side Request Forgery (SSRF) vulnerability in its HotReload plugin function. Attackers can exploit this to ...

This SSRF vulnerability in GPT Academic allows attackers to make the server request arbitrary web resources using its credentials. It affects users ru...

CVE-2025-25301 is a server-side request forgery (SSRF) vulnerability in Rembg's API endpoint that allows attackers to fetch and process images from in...

This SSRF vulnerability in SUCMS v1.0 allows attackers to make the server send requests to internal systems by manipulating the admin_webgather.php co...

A Server-Side Request Forgery vulnerability in SonicOS SSH management interface allows authenticated attackers to make the firewall initiate TCP conne...

This SSRF vulnerability in Smart Agent v1.1.0 allows attackers to make the server send requests to internal systems, potentially exposing sensitive in...

This SSRF vulnerability in Stirling-PDF allows attackers to make the server send requests to internal systems by manipulating the /url-to-pdf endpoint...

This vulnerability allows server-side request forgery (SSRF) in Mobile Security Framework (MobSF) versions before 3.9.7. Attackers can exploit a redir...

A Server-Side Request Forgery (SSRF) vulnerability in Logpoint SOAR allows attackers to make the server send requests to internal systems, potentially...

This Server-Side Request Forgery (SSRF) vulnerability in JPress allows attackers to make the vulnerable server send requests to internal or external s...

This Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche allows remote unauthenticated attackers to make the server send requests to ...

This Server-Side Request Forgery (SSRF) vulnerability in the WordPress Justified Image Grid plugin allows attackers to make unauthorized requests from...

This SSRF vulnerability in berriai/litellm allows attackers to redirect API requests to malicious servers, exposing OpenAI API keys. Any application u...

This vulnerability in streamlit-geospatial allows blind server-side request forgery (SSRF) where user-controlled URLs are passed to a Web Map Service ...

CVE-2024-41812 is a Server-Side Request Forgery (SSRF) vulnerability in txtdot HTTP proxy that allows attackers to use the server as a proxy to send H...

This vulnerability in Apache HTTP Server on Windows allows attackers to perform Server-Side Request Forgery (SSRF) attacks when mod_rewrite is configu...

This vulnerability in Microsoft SharePoint Server allows attackers to access sensitive information without proper authorization. It affects organizati...

This SSRF vulnerability in mintplex-labs/anything-llm allows attackers to bypass IP filtering and access internal network resources by using alternati...

The WP STAGING WordPress Backup Plugin before version 3.5.0 allows administrators to conduct Server-Side Request Forgery (SSRF) attacks. This vulnerab...

This vulnerability allows remote attackers to perform Server-Side Request Forgery (SSRF) in Ladder software versions 0.0.1 through 0.0.21. Attackers c...

This CVE describes a server-side request forgery (SSRF) vulnerability in Mobile Security Framework (MobSF) versions 3.9.5 Beta and prior. The vulnerab...

This vulnerability in AnythingLLM allows authenticated users with manager or admin permissions to discover and potentially access other internal servi...

This vulnerability in AnythingLLM's web scraper allows authorized users (managers, admins, or single users) to access AWS EC2 instance metadata servic...