Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,699 vulnerabilities with CWE-918

CVE-2025-10764 MEDIUM

ZKEACMS < 4.3 - Server-Side Request Forgery via PendingTaskController Data Argument

CVE-2025-10760 MEDIUM

Harness 3.3.0 - Server-Side Request Forgery via LookupRepo URL Parameter

CVE-2025-26515 HIGH

StorageGRID < 11.8.0.15 - Unauthenticated Server-Side Request Forgery

CVE-2025-59344 HIGH

AliasVault < 0.23.1 - Authenticated Server-Side Request Forgery via Favicon Extraction

CVE-2025-57644 CRITICAL

Accela Automation Platform 22.2.3.0.230103 - RCE & Arbitrary File Write via Test Script

CVE-2025-59346 MEDIUM

Dragonfly < 2.1.0 - Server-Side Request Forgery via Preheat Job URL Parameter

CVE-2025-9862 MEDIUM

Ghost 5.99.0-5.130.3 and 6.0.0-6.0.8 - Server-Side Request Forgery

CVE-2025-57055 MEDIUM

WonderCMS 3.5.0 Module Installer - Admin Server-Side Request Forgery

CVE-2025-59437 LOW

node-ip <= 2.0.1 - Address 0 Server-Side Request Forgery

CVE-2025-59436 LOW

node-ip <= 2.0.1 - Octal Loopback Server-Side Request Forgery

CVE-2025-59155 MEDIUM

hackmd-mcp 1.4.0-1.4.9 - Server-Side Request Forgery via Hackmd-Api-Url Header

CVE-2025-10471 MEDIUM

ZKEACMS 4.3 MediaController Proxy - Server-Side Request Forgery

CVE-2025-58045 CRITICAL

Dataease < 2.10.13 - Server-Side Request Forgery via DB2 JDBC LDAP Parameter

CVE-2025-10453 MEDIUM

O'View MapServer - Unauthenticated Server-Side Request Forgery

CVE-2025-10410 MEDIUM

SourceCodester Link Status Checker 1.0 - Server-Side Request Forgery via Proxy Argument

CVE-2025-10397 MEDIUM

Magicblack MacCMS API cjurl - Server-Side Request Forgery

CVE-2025-10395 MEDIUM

Magicblack MacCMS Scheduled Task cjurl - Server-Side Request Forgery

CVE-2025-10393 MEDIUM

miurla morphic <= 0.4.5 - Server-Side Request Forgery via HTTP Status Code 3xx Handler

CVE-2025-10391 MEDIUM

crmeb < 5.6.1 - Server-Side Request Forgery via OutAccountServices push_token_url

CVE-2025-10329 MEDIUM

unmark < 1.9.3 - Server-Side Request Forgery via Marks.php URL Parameter

CVE-2025-6454 HIGH

GitLab 16.11-18.1.5, 18.2-18.2.5, 18.3-18.3.1 - Authenticated Server-Side Request Forgery via Proxy Request Injection

CVE-2025-59055 MEDIUM

InstantCMS <= 2.17.3 - Authenticated Server-Side Request Forgery via Package Parameter

CVE-2025-10211 MEDIUM

ChanCMS 3.3.0 CollectController taskUrl - Server-Side Request Forgery

CVE-2025-7843 MEDIUM

WordPress Auto Save Remote Images Drafts <= 1.0.9 - Contributor Server-Side Request Forgery

CVE-2025-44594 CRITICAL

halo < 2.20.17 - Server-Side Request Forgery via Upload-from-URL Endpoint

Previous Page 38 of 108 Next

Details

Vulnerabilities 2,699

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy