CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,714 vulnerabilities with CWE-918
CVE-2025-0188 MEDIUM
gaizhenbiao/chuanhuchatgpt 20240914 - SSRF
CVSS 6.5
CVE-2025-0184 MEDIUM
langgenius/dify < 0.11.0 - Server-Side Request Forgery via DOCX External Relationship
CVSS 6.5
CVE-2025-27777 HIGH
Applio < 3.2.7 - Server-Side Request Forgery in model_download.py
CVSS 7.5
CVE-2025-27776 MEDIUM
Applio < 3.2.7 - Server-Side Request Forgery and Arbitrary File Write in model_download.py
CVSS 5.3
CVE-2025-27775 MEDIUM
Applio < 3.2.7 - Server-Side Request Forgery and Arbitrary File Write via model_download.py
CVSS 5.3
CVE-2025-27774 MEDIUM
Applio < 3.2.7 - Server-Side Request Forgery and Arbitrary File Write via model_download.py
CVSS 5.3
CVE-2025-22474 MEDIUM
Dell SmartFabric OS10 10.5.4.0-10.5.4.13 - Authenticated Server-Side Request Forgery
CVSS 6.8
CVE-2025-2192 MEDIUM
Stoque Zeev.it 4.24 - Server-Side Request Forgery via inpRedirectURL Parameter
CVSS 4.3
CVE-2025-27430 LOW
SAP CRM and S/4HANA Interaction Center - Server-Side Request Forgery
CVSS 3.5
CVE-2025-22603 HIGH
autogpt_platform < 0.4.2 - Server-Side Request Forgery via IPv6 Address Handling
CVSS 8.1
CVE-2025-2116 MEDIUM
Beijing Founder Electronics Founder Enjoys All-Media Acquisition an...
CVSS 4.3
CVE-2025-27152 MEDIUM
axios < 1.8.2 - Server-Side Request Forgery via Absolute URL Handling
CVSS 5.3
CVE-2025-27600 MEDIUM
fastgpt < 4.9.0 - Server-Side Request Forgery via Web Crawling Plugin
CVSS 6.5
CVE-2025-27655 CRITICAL
Vasion Print < 20.0.2014 and Virtual Appliance < 22.0.862 - Server-Side Request Forgery
CVSS 9.8
CVE-2025-27652 CRITICAL
Vasion Print < 20.0.2014 and Virtual Appliance < 22.0.862 - Server-Side Request Forgery
CVSS 9.8
CVE-2025-27651 CRITICAL
Vasion Print < 20.0.2014 and Virtual Appliance < 22.0.862 - Server-Side Request Forgery
CVSS 9.8
CVE-2025-27501 HIGH
OpenZiti Admin Panel - Unauthenticated Server-Side Request Forgery
CVSS 8.6
CVE-2025-25303 MEDIUM
MouseTooltipTranslator pdf.mjs - Browser-Mediated Request Forgery
CVE-2025-25301 HIGH
rembg < 2.0.57 - Server-Side Request Forgery via /api/remove URL Parameter
CVSS 7.5
CVE-2025-1849 MEDIUM
zframeworks zz < 2024-8 - Server-Side Request Forgery via /import_data_todb URL Parameter
CVSS 6.3
CVE-2025-1848 MEDIUM
zframeworks zz < 2024-8 - Server-Side Request Forgery via /import_data_check URL Parameter
CVSS 6.3
CVE-2025-1833 MEDIUM
zframeworks zz < 2024-8 - Server-Side Request Forgery via sendNotice URL Parameter
CVSS 6.3
CVE-2025-1799 MEDIUM
Zorlan SkyCaiji 2.9 - Server-Side Request Forgery via Tool.php previewAction
CVSS 6.3
CVE-2025-1662 MEDIUM
URL Media Uploader <= 1.0.0 - Authenticated Server-Side Request Forgery via url_media_uploader_url_upload Action
CVSS 6.4
CVE-2025-22952 CRITICAL
Memos 0.23.0 URL Validation - Server-Side Request Forgery
CVSS 9.8