Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,678 vulnerabilities with CWE-918

CVE-2026-7223 HIGH

BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery

CVE-2026-7221 HIGH

TencentCloudBase CloudBase-MCP open-url API Endpoint interactive-server.ts openUrl server-side request forgery

CVE-2026-7178 HIGH

ChatGPTNextWeb NextChat Artifacts Endpoint route.ts storeUrl server-side request forgery

CVE-2026-7177 HIGH

ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery

CVE-2026-7158 HIGH

dmitryglhf mcp-url-downloader server.py _validate_url_safe server-side request forgery

CVE-2026-7150 MEDIUM

dh1011 auto-favicon MCP Tool server.py generate_favicon_from_url server-side request forgery

CVE-2026-7147 HIGH

JoeCastrom mcp-chat-studio LLM Models API llm.js server-side request forgery

CVE-2026-7146 HIGH

AlejandroArciniegas mcp-data-vis HTTP Request server.js axios server-side request forgery

CVE-2026-7094 HIGH

ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery

CVE-2026-7084 MEDIUM

HBAI-Ltd Toonflow-app getCodeByLink Endpoint getCodeByLink.ts fetch server-side request forgery

CVE-2026-7065 HIGH

BidingCC BuildingAI Remote Upload API file-storage.service.ts uploadRemoteFile server-side request forgery

CVE-2026-7025 HIGH

Typecho Ping Back Service Endpoint Service.php sendPingHandle server-side request forgery

CVE-2026-6983 MEDIUM

pagekit download server-side request forgery

CVE-2026-6981 MEDIUM

IhateCreatingUserNames2 AiraHub2 Endpoint AiraHub.py sync_agents server-side request forgery

CVE-2026-6979 MEDIUM

devlikeapro WAHA API Request media.controller.ts server-side request forgery

CVE-2026-41488 LOW

angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding

CVE-2026-41481 MEDIUM

LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

CVE-2026-42043 HIGH

Axios <1.15.1, <0.31.1 - Auth Bypass

CVE-2026-42038 MEDIUM

Axios <1.15.1, <0.31.1 - Proxy Bypass

CVE-2026-41321 LOW

@astrojs/cloudflare: SSRF via redirect following in Cloudflare image-binding-transform endpoint

CVE-2026-41323 HIGH

Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

CVE-2026-31955 MEDIUM

Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality

CVE-2026-41361 HIGH

OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges

CVE-2026-35431 CRITICAL

Microsoft Entra ID Entitlement Management Spoofing Vulnerability

CVE-2026-32210 CRITICAL

Microsoft Dynamics 365 (online) Spoofing Vulnerability

Previous Page 11 of 108 Next

Details

Vulnerabilities 2,678

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy