Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,697 vulnerabilities with CWE-918

CVE-2026-24902 HIGH

TrustTunnel < 0.9.114 - Server-Side Request Forgery via Numeric IP Bypass

CVE-2026-24767 MEDIUM

NocoDB < 0.301.0 - Server-Side Request Forgery via UploadViaURL HEAD Request

CVE-2026-24779 HIGH

vllm < 0.14.1 - Server-Side Request Forgery via MediaConnector URL Host Parsing Bypass

CVE-2026-24736 CRITICAL

Squidex < 7.21.0 - Server-Side Request Forgery via Webhook URL Parameter

CVE-2026-0746 MEDIUM

WordPress AI Engine <= 3.3.2 get_audio - Subscriber Server-Side Request Forgery

CVE-2026-22039 CRITICAL

Kyverno < 1.15.3 - Authenticated Server-Side Request Forgery via Namespaced Policy apiCall

CVE-2026-24470 HIGH

Skipper <0.24.0 - Privilege Escalation

CVE-2026-0807 HIGH

Frontis Blocks <= 1.1.6 - Unauthenticated SSRF via 'url' Parameter

CVE-2026-24548 MEDIUM

Radio Player <= 2.0.91 - Server-Side Request Forgery

CVE-2026-24138 HIGH

FOG Project <= 1.5.10.1754 getversion.php - Unauthenticated Server-Side Request Forgery

CVE-2026-24117 MEDIUM

Rekor < 1.5.0 - Server-Side Request Forgery via Public Key Retrieval Endpoint

CVE-2026-24381 MEDIUM

ThemeGoods PhotoMe < 5.7.2 - Server-Side Request Forgery

CVE-2026-24360 MEDIUM

Craig Hewitt Seriously Simple Podcasting <4 - SSRF

CVE-2026-22482 MEDIUM

wbolt.com IMGspider <= 2.3.12 - SSRF

CVE-2026-22358 MEDIUM

SmartDataSoft Electrician - Electrical Service WordPress <=5.6 - SSRF

CVE-2026-24048 LOW

Backstage backend-defaults < 0.12.2 - Server-Side Request Forgery via FetchUrlReader Redirect Handling

CVE-2026-1180 MEDIUM

Keycloak - Server-Side Request Forgery via OpenID Connect Dynamic Client Registration

CVE-2026-22219 HIGH

chainlit < 2.9.4 - Authenticated Server-Side Request Forgery via Project Element Update

CVE-2026-23845 MEDIUM

Mailpit < 1.28.3 - Server-Side Request Forgery via HTML Check CSS Download

CVE-2026-1062 MEDIUM

xiweicheng teamwork_management_system < 2.28.0 - Server-Side Request Forgery via HtmlUtil Summary Function

CVE-2026-0682 LOW

Church Admin <= 5.0.28 - Authenticated Server-Side Request Forgery via audio_url Parameter

CVE-2026-23529 HIGH

Kafka Connect BigQuery Connector <2.11.0 - Info Disclosure

CVE-2026-0613 HIGH

The Librarian - Server-Side Request Forgery via web_fetch Tool

CVE-2026-23768 MEDIUM

lucy-xss-filter < 2025-06-08 - Server-Side Request Forgery via Object/Embed Tag src Attribute

CVE-2026-0600 MEDIUM

Sonatype Nexus Repository <3.88.0 - SSRF

Previous Page 28 of 108 Next

Details

Vulnerabilities 2,697

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy