CWE-918: Server-Side Request Forgery (SSRF)

This vulnerability in MaxKB allows authenticated users to bypass sandbox restrictions and execute Python code that can access internal network service...

This SSRF vulnerability in mcp-markdownify-server allows attackers to craft prompts that trick the server into making HTTP requests to attacker-contro...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in NextChat's WebDav API endpoint. Attackers can exploit it by manipulating the ...

This vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform allows authenticated non-administrative users to craft requests that trigger the app...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the UEditor component of erzhongxmu JEEWMS 3.7. Attackers can exploit the /pl...

This vulnerability allows attackers to perform Server-Side Request Forgery (SSRF) attacks against FeehiCMS installations up to version 2.1.1. By manip...

This Server-Side Request Forgery (SSRF) vulnerability in prompt-optimizer allows attackers to make the server send requests to internal resources that...

This vulnerability allows remote attackers to perform server-side request forgery (SSRF) attacks against NucleoidAI Nucleoid servers. Attackers can ma...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin that allows attackers to make unauthorized requests from the ser...

CVE-2025-45474 is a Server-Side Request Forgery (SSRF) vulnerability in maccms10's email settings functionality. Attackers can exploit this to make un...

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows attackers to bypass input validation using leading charac...

This critical vulnerability in IPC Unigy Management System allows attackers to perform server-side request forgery (SSRF) through the HTTP Request Han...

This critical vulnerability in wanglongcn ltcms 1.0.20 allows remote attackers to perform server-side request forgery (SSRF) through the /api/file/mul...

This critical vulnerability in wanglongcn ltcms 1.0.20 allows attackers to perform server-side request forgery (SSRF) through the /api/test/download e...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench, allowing attackers to make unauthorized requests from...

This CVE highlights a Server-Side Request Forgery (SSRF) vulnerability in XML Digital Signature (XMLDsig) implementations due to insufficient warnings...

This vulnerability allows attackers to perform server-side request forgery (SSRF) attacks against JBoss EAP servers. When the JWT validator processes ...

A buffer truncation vulnerability in libuv's uv_getaddrinfo function allows attackers to craft malicious hostnames that resolve to unintended IP addre...

This critical vulnerability in 60IndexPage allows remote attackers to perform server-side request forgery (SSRF) by manipulating the 'url' parameter i...

This critical SSRF vulnerability in HaoKeKeJi YiQiNiu allows attackers to make unauthorized server-side HTTP requests to internal systems by manipulat...

This critical Server-Side Request Forgery (SSRF) vulnerability in kodbox allows attackers to manipulate the 'path' parameter in the cover function to ...

This Server-Side Request Forgery (SSRF) vulnerability in the PostX WordPress plugin allows authenticated attackers with Administrator privileges to ma...

The User Language Switch WordPress plugin contains a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated administrators to make...

The All In One Image Viewer Block WordPress plugin has a Server-Side Request Forgery (SSRF) vulnerability that allows unauthenticated attackers to mak...

The TableMaster for Elementor WordPress plugin has a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated attackers with Author-...

This Server-Side Request Forgery (SSRF) vulnerability in the WP Messiah Frontis Blocks WordPress plugin allows attackers to make unauthorized requests...

The GetContentFromURL WordPress plugin is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to 1.0. This allows authenticated attack...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the HTML5 Audio Player WordPress plugin. Unauthenticated attackers can exploi...

OpenBMCS 2.4 contains an unauthenticated Server-Side Request Forgery (SSRF) vulnerability that allows attackers to force the application to make HTTP ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Astro's Cloudflare adapter. When configured with output: 'server' and using t...

This vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks through the Eventin WordPress plugin. Attack...

The Broken Link Notifier WordPress plugin contains a Server-Side Request Forgery (SSRF) vulnerability that allows unauthenticated attackers to make ar...

This Server-Side Request Forgery (SSRF) vulnerability in the TeconceTheme Allmart WordPress plugin allows attackers to make the vulnerable server send...

An unauthenticated SSRF vulnerability in SMA1000 Appliance Work Place interface allows attackers to make the appliance send requests to arbitrary inte...

A Server-Side Request Forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface allows remote unauthenticated attackers to make the a...

Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF), allowing unauthenticated attackers to make unauthorized requests...

This SSRF vulnerability in GetSimple CMS CE 3.3.19 allows attackers to make the server send requests to internal systems through the plugin download f...

A Server-Side Request Forgery (SSRF) vulnerability in the SoftLab Radio Player WordPress plugin allows attackers to make unauthorized requests from th...

This vulnerability in SAP NetWeaver Administrator allows authenticated attackers to perform Server-Side Request Forgery (SSRF) by enumerating internal...

The Skitter Slideshow WordPress plugin contains a Server-Side Request Forgery (SSRF) vulnerability that allows unauthenticated attackers to make arbit...

This Server-Side Request Forgery (SSRF) vulnerability in the Seraphinite Post .DOCX Source WordPress plugin allows attackers to make unauthorized requ...

This CVE describes an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the BerqWP WordPress plugin. Attackers can exploit this to m...

This Server-Side Request Forgery (SSRF) vulnerability in the Foxiz WordPress theme allows attackers to make unauthorized requests from the vulnerable ...

This vulnerability allows remote attackers to execute arbitrary code on affected SRS real-time video servers by sending a specially crafted request. I...

The Everest Forms WordPress plugin has a Server-Side Request Forgery (SSRF) vulnerability that allows unauthenticated attackers to make arbitrary web ...

This Server-Side Request Forgery (SSRF) vulnerability in RapidLoad Power-Up for Autoptimize allows attackers to make the WordPress server send unautho...

This vulnerability in Apache Axis 1 allows authenticated users with admin service access to perform Server-Side Request Forgery (SSRF) attacks due to ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the WordPress CommentLuv plugin. Attackers can exploit this to make the vulne...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Darren Cooney Instant Images WordPress plugin. It allows authenticated at...

This Server-Side Request Forgery (SSRF) vulnerability in Deskpro Support Desk allows attackers to craft malicious URLs that trick the server into maki...