Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918

CVE-2018-1000553 HIGH

Trovebox <= 4.0.0-rc6 - Server-Side Request Forgery via Webhook Component

CVE-2018-12678 CRITICAL

Portainer < 1.18.0 - Unauthenticated Server-Side Request Forgery via Websocket Endpoint

CVE-2018-5752 HIGH

Open-Xchange OX App Suite <7.6.3-7.8.4 - SSRF

CVE-2018-11586 CRITICAL

SearchBlox 8.6.7 - Unauthenticated XML External Entity Injection via REST API Status Endpoint

CVE-2018-1000188 MEDIUM

Jenkins CAS Plugin < 1.4.1 - Server-Side Request Forgery via CasSecurityRealm.java

CVE-2018-1000185 MEDIUM

Jenkins GitHub Branch Source Plugin <2.3.4 - SSRF

CVE-2018-1000184 MEDIUM

Jenkins GitHub Plugin <1.29.0 - SSRF

CVE-2018-1000182 MEDIUM

Jenkins Git Plugin < 3.9.0 - Server-Side Request Forgery via Repository Browser

CVE-2018-9920 MEDIUM

K2 smartforms 4.6.11 - Server-Side Request Forgery via Modified Hostname in Identity STS Forms Scripts URL

CVE-2018-11031 CRITICAL

PHPRAP 1.0.4-1.0.8 - Server-Side Request Forgery via Debug URI

CVE-2018-9919 CRITICAL

Tp-shop 2.0.5-2.0.8 - Server-Side Request Forgery via Backdoor Parameter

CVE-2018-9302 CRITICAL

Cockpit 0.4.4-0.5.5 - Server-Side Request Forgery via URL Parameter

CVE-2018-8939 CRITICAL

WhatsUp Gold < 18.0 - Server-Side Request Forgery via NmAPI.exe

CVE-2018-8801 MEDIUM

GitLab 8.3-10.x - Server-Side Request Forgery in Services and Webhooks

CVE-2018-10174 MEDIUM

Digital Guardian Management Console 7.1.2.0015 - SSRF

CVE-2018-10220 HIGH

Glastopf 3.1.3-dev - Server-Side Request Forgery via abc.php a Parameter

CVE-2018-1000138 CRITICAL

scilico i_librarian < 4.8 - Server-Side Request Forgery via URL Parameter in getFromWeb

CVE-2018-7516 HIGH

Geutebruck G-Cam/EFD-2250 and TopFD-2125 - Server-Side Request Forgery

CVE-2018-1000124 CRITICAL

I Librarian I-librarian <4.8 - XML External Entity (XXE) SSRF

CVE-2018-7667 CRITICAL

Adminer < 4.3.1 - Unauthenticated Server-Side Request Forgery via Server Parameter

CVE-2018-1000067 MEDIUM

Jenkins <2.106-2.89.3 - Info Disclosure

CVE-2018-7055 HIGH

RoomWizard < 4.4.0 - Server-Side Request Forgery via GroupViewProxyServlet URL Parameter

CVE-2018-2370 MEDIUM

SAP BI Launchpad 4.10, 4.20, 4.30 - Server-Side Request Forgery

CVE-2018-1000056 HIGH

Jenkins JUnit Plugin <1.23 - SSRF/DoS

CVE-2018-1000055 HIGH

Jenkins Android Lint Plugin <2.5 - SSRF/DoS

Previous Page 107 of 111 Next

Details

Vulnerabilities 2,758

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy