CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,708 vulnerabilities with CWE-918
CVE-2025-46503 MEDIUM
josheli Simple Google Photos Grid <1.5 - SSRF
CVSS 4.9
CVE-2025-46443 MEDIUM
Adam Pery Animate <= 0.5 - Server-Side Request Forgery
CVSS 4.9
CVE-2025-1522 MEDIUM
PostHog < 0.3.7 - Authenticated Server-Side Request Forgery in database_schema Method
CVSS 6.5
CVE-2025-1521 MEDIUM
PostHog < 0.3.7 - Authenticated Server-Side Request Forgery via slack_incoming_webhook Parameter
CVSS 6.5
CVE-2025-27907 MEDIUM
IBM WebSphere Application Server 8.5-8.5.5.27 - Authenticated Server-Side Request Forgery
CVSS 4.1
CVE-2025-2987 LOW
IBM Maximo Asset Mgmt <7.6.1.3 - SSRF
CVSS 3.8
CVE-2025-29446 LOW
open_webui 0.5.16 - Server-Side Request Forgery in verify_connection Function
CVSS 3.3
CVE-2025-28197 CRITICAL
Crawl4AI <=0.4.247 - Server-Side Request Forgery in async_dispatcher.py
CVSS 9.1
CVE-2025-3787 LOW
PbootCMS 3.2.5 - Server-Side Request Forgery in Image Handler
CVSS 2.7
CVE-2025-29461 HIGH
a-blogcms 3.1.15 - Server-Side Request Forgery via Entry Edit Path
CVSS 7.6
CVE-2025-29460 HIGH
MyBB 1.8.38 Add MyCode - Server-Side Request Forgery
CVSS 7.6
CVE-2025-29459 HIGH
MyBB 1.8.38 Mail Function - Server-Side Request Forgery
CVSS 7.6
CVE-2025-29458 HIGH
MyBB 1.8.38 Change Avatar - Server-Side Request Forgery
CVSS 7.6
CVE-2025-29457 HIGH
MyBB 1.8.38 Import Theme - Server-Side Request Forgery
CVSS 7.6
CVE-2025-29456 MEDIUM
Personal Management System 1.4.65 - Server-Side Request Forgery via Notes Creation
CVSS 6.5
CVE-2025-29453 MEDIUM
Personal Management System 1.4.65 - Server-Side Request Forgery via my-contacts-settings Component
CVSS 6.5
CVE-2025-29455 MEDIUM
Personal Management System 1.4.65 - Server-Side Request Forgery via Travel Ideas Function
CVSS 6.5
CVE-2025-29454 MEDIUM
Personal Management System 1.4.65 - Server-Side Request Forgery via Upload Function
CVSS 6.5
CVE-2025-29452 HIGH
Seo Panel 4.11.0 - Server-Side Request Forgery via Proxy Manager
CVSS 7.6
CVE-2025-29451 HIGH
Seo Panel 4.11.0 - Server-Side Request Forgery via Mail Setting Component
CVSS 7.6
CVE-2025-29450 MEDIUM
twonav 2.1.18-20241105 - Server-Side Request Forgery via Site Settings Component
CVSS 6.5
CVE-2025-29449 MEDIUM
twonav 2.1.18-20241105 - Server-Side Request Forgery via Link Identification Function
CVSS 6.5
CVE-2025-3691 LOW
mirweiye Seven Bears Library CMS < 2023 - Server-Side Request Forgery via Add Link Handler
CVSS 2.7
CVE-2025-32102 MEDIUM
CrushFTP 9.0.0-10.8.4 and 11.0.0-11.3.1 - Server-Side Request Forgery via TelnetSocket Command
CVSS 5.0
CVE-2025-30964 MEDIUM
Photography < 7.7.6 - Server-Side Request Forgery
CVSS 5.4