Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,683 vulnerabilities with CWE-918

CVE-2026-26118 HIGH

Azure MCP Server - Authenticated Server-Side Request Forgery

CVE-2026-24316 MEDIUM

SAP NetWeaver Application Server for ABAP - Server-Side Request Forgery via ABAP Test Report

CVE-2026-25960 HIGH

vLLM 0.15.1-0.17.0 - Server-Side Request Forgery via URL Parsing Inconsistency

CVE-2026-25737 HIGH

Budibase <=3.24.0 - Arbitrary File Upload

CVE-2026-3588 HIGH

IKEA Dirigera < 2.866.4 - Server-Side Request Forgery

CVE-2026-3789 MEDIUM

Bytedesk <= 1.3.9 - Server-Side Request Forgery via SpringAIGitee apiUrl

CVE-2026-3788 MEDIUM

bytedesk < 1.4.5.4 - Server-Side Request Forgery via SpringAIOpenrouterRestController getModels Function

CVE-2026-3750 MEDIUM

continew_admin < 4.1.0 - Server-Side Request Forgery via S3ClientFactory URI.create

CVE-2026-3733 MEDIUM

xxl-job <= 3.3.2 - Server-Side Request Forgery

CVE-2026-3683 MEDIUM

HotGo <= 2.0 - Server-Side Request Forgery via ImageTransferStorage Function

CVE-2026-3681 MEDIUM

FFmate <= 2.0.15 - Server-Side Request Forgery via fireWebhook Function

CVE-2026-30858 MEDIUM

WeKnora < 0.3.0 - Unauthenticated Server-Side Request Forgery via DNS Rebinding

CVE-2026-30834 HIGH

PinchTab < 0.7.7 - Server-Side Request Forgery via Download Endpoint

CVE-2026-30832 CRITICAL

Soft Serve 0.6.0-0.11.3 - Authenticated Server-Side Request Forgery via LFS Endpoint URL

CVE-2026-30840 HIGH

wallos < 4.6.2 - Server-Side Request Forgery via Notification Tester

CVE-2026-30839 MEDIUM

wallos < 4.6.2 - Server-Side Request Forgery via testwebhooknotifications.php

CVE-2026-30828 HIGH

wallos < 4.6.2 - Server-Side Request Forgery via URL Parameter

CVE-2026-27797 MEDIUM

homarr < 1.54.0 - Unauthenticated Server-Side Request Forgery

CVE-2026-30247 MEDIUM

WeKnora < 0.2.12 - Server-Side Request Forgery via Redirect Chain Bypass

CVE-2026-30242 HIGH

Plane < 1.2.3 - Authenticated Server-Side Request Forgery via Webhook URL Validation Bypass

CVE-2026-30844 HIGH

Wekan 8.32-8.33 - Authenticated Server-Side Request Forgery via Attachment URL Loading

CVE-2026-29178 HIGH

Lemmy < 0.19.16 - Unauthenticated Server-Side Request Forgery via Image Endpoint File Type Parameter

CVE-2026-29049 MEDIUM

melange < 0.40.5 - Server-Side Request Forgery via Unbounded URI Download

CVE-2026-28680 CRITICAL

ghostfolio < 2.245.0 - Server-Side Request Forgery via Manual Asset Import Feature

CVE-2026-28677 HIGH

OpenSift < 1.6.3 - Server-Side Request Forgery via URL Ingest Pipeline

Previous Page 23 of 108 Next

Details

Vulnerabilities 2,683

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy