Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,699 vulnerabilities with CWE-918

CVE-2025-5818 MEDIUM

Featured Image Plus - Quick & Bulk Edit with Unsplash <1.6.4 - SSRF

CVE-2025-54122 CRITICAL

Manager-io/Manager <25.7.18.2519 - SSRF

CVE-2025-52362 CRITICAL

PHProxy <= 1.1.1 - Unauthenticated Server-Side Request Forgery via _proxurl Parameter

CVE-2025-36845 HIGH

Eveo URVE Web Manager 27.02.2025 - Server-Side Request Forgery via /_internal/redirect.php

CVE-2025-46385 HIGH

Emby Server for Windows 4.8 - Server-Side Request Forgery

CVE-2025-52163 MEDIUM

Agorum core open <11.9.2-11.10.1 - SSRF

CVE-2025-7787 MEDIUM

xxl-job < 3.1.1 - Server-Side Request Forgery via httpJobHandler

CVE-2025-7759 MEDIUM

JeeSite < 5.12.1 - Server-Side Request Forgery via UEditor Image Grabber Source Parameter

CVE-2025-20288 MEDIUM

Cisco Unified Intelligence Center - SSRF

CVE-2025-48294 MEDIUM

Kerfred FG Drupal to WordPress - SSRF

CVE-2025-1220 LOW

PHP 8.1-8.4 fsockopen - Null Byte Hostname Validation Bypass

CVE-2025-53641 HIGH

gitroomhq/postiz-app 1.45.1-1.62.3 - Server-Side Request Forgery via HTTP Header Injection

CVE-2025-51591 LOW

JGM Pandoc 3.6.4 - Server-Side Request Forgery via Crafted iframe

CVE-2025-50125 MEDIUM

Schneider Electric EcoStruxure IT Data Center Expert < 8.3 - SSRF Remote Code Execution

CVE-2025-6851 HIGH

Broken Link Notifier <= 1.3.0 - Unauthenticated Server-Side Request Forgery via ajax_blinks Function

CVE-2025-53371 CRITICAL

DiscordNotifications - Server-Side Request Forgery and Denial of Service via Webhook URL

CVE-2025-49545 MEDIUM

Adobe ColdFusion <= 2025.2, <= 2023.14, <= 2021.20 - Authenticated Server-Side Request Forgery

CVE-2025-0292 MEDIUM

Ivanti Connect Secure <22.7R2.8 - SSRF

CVE-2025-42965 MEDIUM

SAP CMC Promotion Management - Info Disclosure

CVE-2025-53473 HIGH

Nimesa Backup and Recovery < 3.0.2025062305 - Server-Side Request Forgery

CVE-2025-7103 MEDIUM

BoyunCMS < 1.4.20 - Server-Side Request Forgery via curl in /application/pay/controller/Index.php

CVE-2025-49418 HIGH

Allmart <= 1.0.0 - Server-Side Request Forgery

CVE-2025-28963 MEDIUM

Md Yeasin Ul Haider URL Shortener <3.0.7 - SSRF

CVE-2025-6729 MEDIUM

PayMaster for WooCommerce <= 0.4.31 - Authenticated Server-Side Request Forgery via wp_ajax_paym_status AJAX Action

CVE-2025-5817 HIGH

Amazon Products to WooCommerce <1.2.7 - SSRF

Previous Page 42 of 108 Next

Details

Vulnerabilities 2,699

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy