Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,708 vulnerabilities with CWE-918

CVE-2025-26990 MEDIUM

Royal Elementor Addons <= 1.7.1006 - Server-Side Request Forgery

CVE-2025-31490 HIGH

AutoGPT Platform < 0.6.1 - Server-Side Request Forgery via DNS Rebinding

CVE-2025-29720 MEDIUM

Dify v1.0 - Server-Side Request Forgery via RemoteFileUploadApi

CVE-2025-3572 HIGH

intumit smartrobot_firmware < 8.0.0 - Unauthenticated Server-Side Request Forgery

CVE-2025-22374 MEDIUM

Videx's CyberAudit-Web <1.1.3 - SSRF

CVE-2025-0539 HIGH

Microsoft Windows - Privilege Escalation

CVE-2025-32691 MEDIUM

PowerPress Podcasting <11.12.4 - SSRF

CVE-2025-32675 MEDIUM

QuantumCloud SEO Help <6.6.0 - SSRF

CVE-2025-32487 MEDIUM

Joe Waymark <= 1.5.2 - Server-Side Request Forgery

CVE-2025-31009 MEDIUM

IndieBlocks <= 0.13.1 - Server-Side Request Forgery

CVE-2025-32372 MEDIUM

Dnnsoftware Dotnetnuke < 9.13.8 - SSRF

CVE-2025-3412 MEDIUM

AIAS InferController url - Server-Side Request Forgery

CVE-2025-3411 MEDIUM

AIAS AsrController url - Server-Side Request Forgery

CVE-2025-32013 HIGH

lnbits < 0.12.12 - Server-Side Request Forgery via LNURL Callback URL

CVE-2025-32358 MEDIUM

Zammad 6.4.0-6.4.1 - Authenticated Server-Side Request Forgery via Webhook Redirect

CVE-2025-3254 MEDIUM

xujiangfei admintwo 1.0 - Server-Side Request Forgery via /resource/add Description Parameter

CVE-2025-2245 MEDIUM

Bitdefender GravityZone Update Server < 3.5.2.689 - Server-Side Request Forgery via Null-Byte Bypass

CVE-2025-2243 HIGH

Bitdefender GravityZone < 6.41.2-1 - Server-Side Request Forgery via DNS Truncation Bypass

CVE-2025-3192 HIGH

spatie/browsershot - Server-Side Request Forgery via setUrl() Function

CVE-2025-31824 MEDIUM

Wombat Plugins WP Optin Wheel <1.4.7 - SSRF

CVE-2025-31796 MEDIUM

ElementsCSS Addons for Elementor <1.0.8.7 - SSRF

CVE-2025-21384 HIGH

Microsoft Azure Health Bot - Authenticated Server-Side Request Forgery

CVE-2025-31117 HIGH

OpenEMR < 7.0.3.1 - Server-Side Request Forgery

CVE-2025-31116 MEDIUM

Mobile Security Framework < 4.3.2 - Server-Side Request Forgery via DNS Rebinding

CVE-2025-2997 MEDIUM

zhangyanbo2007 youkefu 4.2.0 - SSRF

Previous Page 47 of 109 Next

Details

Vulnerabilities 2,708

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy