Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,441 vulnerabilities with CWE-918

CVE-2026-2290 LOW

Post Affiliate Pro <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field

CVE-2026-1648 HIGH

Performance Monitor <= 1.0.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter

CVE-2026-1313 HIGH

MimeTypes Link Icons <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content

CVE-2026-4302 HIGH

WowOptin: Next-Gen Popup Maker <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API

CVE-2026-33237 MEDIUM

AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation

CVE-2026-33226 HIGH

Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview

CVE-2026-33126 MEDIUM

Frigate has SSRF vulnerability in /ffprobe endpoint

CVE-2026-33081 MEDIUM

PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation

CVE-2026-33060 MEDIUM

CKAN MCP Server: SSRF via base_url allows access to internal networks

CVE-2026-33039 HIGH

AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy

CVE-2026-33024 CRITICAL

AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator

CVE-2026-32949 HIGH

SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL

CVE-2026-32812 MEDIUM

Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint

CVE-2026-32828 MEDIUM

Kargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration

CVE-2026-29107 MEDIUM

SuiteCRM vulnerable to authenticated SSRF via PDF export

CVE-2026-29097 HIGH

SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet

CVE-2026-32037 MEDIUM

OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling

CVE-2026-32019 HIGH

OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard

CVE-2026-33321 HIGH

OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF)

CVE-2026-32169 CRITICAL

Azure Cloud Shell Elevation of Privilege Vulnerability

CVE-2026-26139 HIGH

Microsoft Purview Elevation of Privilege Vulnerability

CVE-2026-26138 HIGH

Microsoft Purview Elevation of Privilege Vulnerability

CVE-2026-26137 CRITICAL

Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability

CVE-2026-26120 MEDIUM

Microsoft Bing Tampering Vulnerability

CVE-2026-30404 HIGH

wgcloud v3.6.3 - SSRF

Previous Page 11 of 98 Next

Details

Vulnerabilities 2,441

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy