CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,708 vulnerabilities with CWE-918
CVE-2025-48383 HIGH
Django-Select2 <8.4.1 - Info Disclosure
CVSS 8.2
CVE-2025-5186 MEDIUM
jeesite < 5.11.1 - Server-Side Request Forgery via ResourceLoader.getResource
CVSS 6.3
CVE-2025-5140 MEDIUM
Seeyon Zhiyuan OA Web App <8.1 SP2 - SSRF
CVSS 6.3
CVE-2025-48739 MEDIUM
StrangeBee TheHive <5.2.16, <5.3.11, <5.4.10, <5.5.1 - SSRF
CVE-2025-47936 LOW
TYPO3 12.0.0-12.4.30 and 13.0.0-13.4.1 - Authenticated Server-Side Request Forgery via Webhooks
CVSS 3.3
CVE-2025-36560 HIGH
a-blog cms 2.8.0-2.8.84 - Unauthenticated Server-Side Request Forgery
CVSS 8.6
CVE-2025-47791 MEDIUM
Nextcloud Server < 28.0.13, 29.0.10, 30.0.3 - Server-Side Request Forgery via Share Recipient Verification Endpoint
CVSS 4.3
CVE-2025-40595 HIGH
SMA1000 Appliance Work Place - SSRF
CVSS 7.2
CVE-2025-45887 CRITICAL
Yifang CMS 2.0.2 - Server-Side Request Forgery via /api/file/getRemoteContent
CVSS 9.1
CVE-2025-47733 CRITICAL
Microsoft Power Apps - Server-Side Request Forgery
CVSS 9.1
CVE-2025-29972 CRITICAL
Azure Storage Resource Provider - SSRF
CVSS 9.9
CVE-2025-47664 MEDIUM
ThimPress WP Pipes <= 1.4.2 - Server-Side Request Forgery
CVSS 4.4
CVE-2025-47635 MEDIUM
WebinarPress <= 1.33.28 - Server-Side Request Forgery
CVSS 5.5
CVE-2025-47548 MEDIUM
Activity Link Preview For BuddyPress <= 1.4.4 - Server-Side Request Forgery
CVSS 5.4
CVE-2025-47484 MEDIUM
Oliver Campion Display Remote Posts Block <1.1.0 - SSRF
CVSS 6.4
CVE-2025-47483 MEDIUM
Easy Replace Image <= 3.5.0 - Server-Side Request Forgery
CVSS 4.9
CVE-2025-47464 MEDIUM
Solace Extra <= 1.3.1 - Server-Side Request Forgery
CVSS 4.9
CVE-2025-45250 MEDIUM
mrdoc < 0.95 - Server-Side Request Forgery via validate_url Function
CVSS 5.5
CVE-2025-46568 HIGH
Stirling-PDF < 0.45.0 - Server-Side Request Forgery via WeasyPrint HTML Tag Processing
CVSS 7.5
CVE-2025-2170 HIGH
SonicWall SMA1000 Firmware < 12.4.3-02925 - Unauthenticated Server-Side Request Forgery
CVSS 7.2
CVE-2025-4012 LOW
PlayEdu < 1.8 - Server-Side Request Forgery via User Avatar Handler
CVSS 2.7
CVE-2025-3954 LOW
ChurchCRM 5.16.0 - Server-Side Request Forgery via Referer Handler
CVSS 3.7
CVE-2025-3775 MEDIUM
ShopLentor - Server-Side Request Forgery
CVSS 6.5
CVE-2025-46531 MEDIUM
Ankur Vishwakarma WP AVCL Automation Helper <3.4 - SSRF
CVSS 4.9
CVE-2025-46511 MEDIUM
BeerXML Shortcode <= 0.7.1 - Server-Side Request Forgery
CVSS 6.4