Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,678 vulnerabilities with CWE-918

CVE-2026-2948 MEDIUM

Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery via 'imageUrl'

CVE-2026-42140 MEDIUM

Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter

CVE-2026-7729 MEDIUM

pixelsock directus-mcp MCP index.ts validateUrl server-side request forgery

CVE-2026-6229 HIGH

Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter

CVE-2026-7605 MEDIUM

JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery

CVE-2026-7049 HIGH

PixelYourSite Pro <= 12.5.0.1 - Unauthenticated Blind Server-Side Request Forgery via 'urls[]' Parameter

CVE-2026-6812 MEDIUM

Ona <= 1.26 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'download_link' Parameter

CVE-2026-7604 MEDIUM

JeecgBoot OpenApi Service OpenApiController.java OpenApiController.call server-side request forgery

CVE-2026-7603 MEDIUM

JeecgBoot LoadFile Endpoint FileDownloadUtils.jav checkPathTraversalBatch server-side request forgery

CVE-2026-42404 MEDIUM

Apache Neethi: Unrestricted HTTP Redirect Following in Policy References

CVE-2026-3340 MEDIUM

Server-Side Request Forgery (SSRF) in Langflow URL Component

CVE-2026-36764 MEDIUM

SpringBlade 4.8.0 - Server-Side Request Forgery

CVE-2026-36757 MEDIUM

Halo v2.22.14 - Server-Side Request Forgery

CVE-2026-36759 MEDIUM

Halo v2.22.14 - Server-Side Request Forgery

CVE-2026-36758 MEDIUM

Halo v2.22.14 - Server-Side Request Forgery

CVE-2026-36756 MEDIUM

Halo v2.22.14 - Server-Side Request Forgery

CVE-2026-7417 HIGH

Algovate xhs-mcp MCP mcp.server.ts xhs_publish_content server-side request forgery

CVE-2026-42641 MEDIUM

WordPress Share This Image plugin <= 2.14 - Server Side Request Forgery (SSRF) vulnerability

CVE-2026-23773 MEDIUM

Dell Disk Library for Mainframe DLm2700 and DLm8700 - Server-Side Request Forgery

CVE-2026-7305 MEDIUM

Xuxueli xxl-job trigger Endpoint XxlJobServiceImpl.java triggerJob server-side request forgery

CVE-2026-7291 MEDIUM

o2oa URL Fetching FileAction.java FileAction server-side request forgery

CVE-2026-42430 MEDIUM

OpenClaw < 2026.4.8 - Strict Browser SSRF Bypass via Playwright Redirect Handling

CVE-2026-41914 HIGH

OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths

CVE-2026-41912 HIGH

OpenClaw < 2026.4.8 - Server-Side Request Forgery Policy Bypass via Interaction-Triggered Navigation

CVE-2026-24231 MEDIUM

NVIDIA NemoClaw < 0.0.13 - Server-Side Request Forgery via validateEndpointUrl() Bypass

Previous Page 10 of 108 Next

Details

Vulnerabilities 2,678

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy