Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,678 vulnerabilities with CWE-918

CVE-2026-26150 HIGH

Microsoft Purview eDiscovery Elevation of Privilege Vulnerability

CVE-2026-41272 HIGH

Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)

CVE-2026-41271 HIGH

Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains

CVE-2026-41270 HIGH

Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

CVE-2026-41461 HIGH

SocialEngine <= 7.8.0 Blind SSRF via /core/link/preview

CVE-2026-41455 HIGH

WeKan < 8.35 SSRF via Webhook URL

CVE-2026-41177 MEDIUM

Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction

CVE-2026-41172 HIGH

Squidex vulnerable to Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/apps/{app}/assets)

CVE-2026-41171 HIGH

SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient

CVE-2026-41170 HIGH

Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests

CVE-2026-35548 HIGH

guardsix ODBC Enrichment Plugins <5.2.1 - Auth Bypass

CVE-2026-41130 MEDIUM

Craft CMS resource-js Endpoint - Server-Side Request Forgery

CVE-2026-41129 MEDIUM

Craft CMS has Server-Side Request Forgery (SSRF) with Asset Uploads Mutations

CVE-2026-5921 HIGH

Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack

CVE-2026-41060 HIGH

AVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL

CVE-2026-41055 HIGH

WWBN AVideo LiveLinks Proxy - Server-Side Request Forgery

CVE-2026-6744 MEDIUM

Bagisto Downloadable Link copy server-side request forgery

CVE-2026-40566 MEDIUM

FreeScout vulnerable to SSRF via IMAP/SMTP Connection Test Endpoints

CVE-2026-41302 HIGH

OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download

CVE-2026-41297 HIGH

OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirect

CVE-2026-35587 HIGH

Glances IP Plugin has SSRF via public_api that leads to credential leakage

CVE-2026-33626 HIGH

LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

CVE-2026-34428 HIGH

Vvveb < 1.0.8.1 SSRF via oEmbedProxy

CVE-2026-25883 MEDIUM

Vexa <0.10.0-260419-1910 Webhooks - Server-Side Request Forgery

CVE-2026-6649 MEDIUM

Qibo CMS headers server-side request forgery

Previous Page 12 of 108 Next

Details

Vulnerabilities 2,678

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy