Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,698 vulnerabilities with CWE-918

CVE-2025-60279 CRITICAL

Illia Cloud illia-Builder < 4.8.5 - Authenticated Server-Side Request Forgery via API

CVE-2025-11864 HIGH

NucleoidAI Nucleoid < 0.7.10 - Server-Side Request Forgery via Outbound Request Handler

CVE-2025-62427 HIGH

Angular SSR < 19.2.18, 20.3.6, 21.0.0-next.8 - Server-Side Request Forgery via URL Resolution Mechanism

CVE-2025-10056 MEDIUM

Task Scheduler plugin <1.6.3 - SSRF

CVE-2025-60540 MEDIUM

karakeep 0.26.0-0.7.0 - Server-Side Request Forgery

CVE-2025-11674 MEDIUM

SOOP-CLM 5.2-5.3 - Privileged Server-Side Request Forgery

CVE-2025-11648 MEDIUM

Furbo 360 <036 & Mini <074 Firmware SSRF via GATT URL Handler

CVE-2025-11636 MEDIUM

Furbo 360 Dog Camera Firmware < 036 - Server-Side Request Forgery in Account Handler

CVE-2025-61884 HIGH KEV

Oracle Configurator 12.2.3-12.2.14 - Unauthenticated CRLF Injection via Runtime UI

CVE-2025-31993 LOW

HCL Unica Centralized Offer Management < 25.1.0.1 - Server-Side Request Forgery

CVE-2025-9975 MEDIUM

WP Scraper <= 5.8.1 - Authenticated Server-Side Request Forgery via wp_scraper_extract_content

CVE-2025-59146 HIGH

QuantumNous New API < 0.9.0.5 - Authenticated URL Processing Server-Side Request Forgery

CVE-2025-9868 HIGH

Sonatype Nexus Repository <2.15.2 - SSRF

CVE-2025-6242 HIGH

vLLM MediaConnector - Multimodal URL Server-Side Request Forgery

CVE-2025-61784 HIGH

llama-factory < 0.9.4 - SSRF and LFI via _process_request

CVE-2025-61768 MEDIUM

KUNO CMS < 1.3.15 - Authenticated Server-Side Request Forgery via SVG File Upload

CVE-2025-11286 MEDIUM

MCPHub < 0.9.10 - Server-Side Request Forgery via baseUrl Argument

CVE-2025-10695 MEDIUM

OpenSupports 4.11.0 Diagnostics - Unauthenticated Server-Side Request Forgery

CVE-2025-55971 MEDIUM

TCL 65C655 Smart TV UPnP AVTransport - Unauthenticated Server-Side Request Forgery

CVE-2025-54087 LOW

Absolute Secure Access < 14.10 - Authenticated Server-Side Request Forgery

CVE-2025-57305 MEDIUM

VitaraCharts 5.3.5 fileLoader.jsp - Server-Side Request Forgery

CVE-2025-61735 HIGH

Apache Kylin 4.0.0-5.0.2 - Server-Side Request Forgery

CVE-2025-20371 HIGH

Splunk Enterprise <10.0.1, <9.4.4, <9.3.6, <9.2.8 - SSRF

CVE-2025-10735 MEDIUM

Block For Mailchimp - WordPress <1.1.12 - SSRF

CVE-2025-56520 MEDIUM

Dify 1.6.0 RemoteFileUploadApi - Server-Side Request Forgery

Previous Page 36 of 108 Next

Details

Vulnerabilities 2,698

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy