CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,698 vulnerabilities with CWE-918
CVE-2025-34233 MEDIUM
Vasion Print Virtual Appliance < 25.1.102 & Application < 25.1.1413 - SSRF via file_get_contents()
CVSS 6.8
CVE-2025-34232 MEDIUM
Vasion Print Virtual Appliance < 25.1.102/25.1.1413 - Blind SSRF via dellCheck.php
CVSS 5.3
CVE-2025-34231 HIGH
Vasion Print Virtual Appliance <25.1.102 & Application <25.1.1413 - SSRF via HP Badge Setup
CVSS 8.6
CVE-2025-34230 MEDIUM
Vasion Print Virtual Appliance < 25.1.102 & Application < 25.1.1413 - Blind SSRF via HP Log Off SSO
CVSS 5.8
CVE-2025-34229 MEDIUM
Vasion Print Virtual Appliance < 25.1.102 - Unauthenticated Blind SSRF via hp/installApp.php
CVSS 5.8
CVE-2025-34228 HIGH
Vasion Print Virtual Appliance < 25.1.102 - Unauthenticated SSRF via Lexmark Update Script
CVSS 8.6
CVE-2025-34225 HIGH
Vasion Print Virtual Appliance Host < 25.1.102 & Application < 25.1.1413 - SSRF via console_release
CVSS 8.6
CVE-2025-11046 HIGH
Tencent WeKnora 0.1.0 - Server-Side Request Forgery via baseUrl Argument
CVSS 7.3
CVE-2025-60181 MEDIUM
Silencesoft RSS Reader <= 0.6 - Server-Side Request Forgery
CVSS 5.4
CVE-2025-60161 MEDIUM
ZoloBlocks <= 2.3.11 - Server-Side Request Forgery
CVSS 5.4
CVE-2025-10137 MEDIUM
Snow Monkey <= 29.1.5 - Unauthenticated Server-Side Request Forgery via request() Function
CVSS 5.4
CVE-2025-42907 MEDIUM
SAP BI Platform - Server-Side Request Forgery via LogonToken IP Address Modification
CVSS 4.3
CVE-2025-59527 HIGH
Flowise 3.0.5 - Server-Side Request Forgery via Fetch-Links Endpoint
CVSS 7.5
CVE-2025-9960 MEDIUM
is-localhost-ip 2.0.0 - Server-Side Request Forgery
CVE-2025-58962 MEDIUM
Publitio <= 2.2.1 - Server-Side Request Forgery
CVSS 6.4
CVE-2025-58011 MEDIUM
Content Mask <= 1.8.5.2 - Server-Side Request Forgery
CVSS 6.4
CVE-2025-58005 MEDIUM
DriCub <= 2.9 - Server-Side Request Forgery
CVSS 5.4
CVE-2025-57984 MEDIUM
Pratik Ghela MakeStories <3.0.4 - SSRF
CVSS 4.4
CVE-2025-57943 MEDIUM
Skimlinks Affiliate Marketing Tool <1.3 - SSRF
CVSS 4.4
CVE-2025-53461 MEDIUM
Binsaifullah Beaf image-compare-block <= 1.6.2 - Server-Side Request Forgery
CVSS 4.4
CVE-2025-53457 MEDIUM
activewebsight SEO Backlink Monitor <1.6.0 - SSRF
CVSS 4.4
CVE-2025-36037 MEDIUM
IBM webMethods Integration 10.15 and 11.1 - Authenticated Server-Side Request Forgery
CVSS 5.4
CVE-2025-10787 MEDIUM
MuYuCMS < 2.7 - Server-Side Request Forgery via Link URL Parameter
CVSS 6.3
CVE-2025-10765 MEDIUM
ZKEACMS < 4.3 - Server-Side Request Forgery via SEOSuggestions CheckPage/Suggestions Function
CVSS 4.7
CVE-2025-10764 MEDIUM
ZKEACMS < 4.3 - Server-Side Request Forgery via PendingTaskController Data Argument
CVSS 6.3