CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,714 vulnerabilities with CWE-918
CVE-2025-25760 HIGH
SUCMS 1.0 admin_webgather.php - Server-Side Request Forgery
CVSS 7.5
CVE-2025-25827 MEDIUM
Emlog Pro 2.5.4 sort.php - Server-Side Request Forgery
CVSS 6.8
CVE-2025-25785 CRITICAL
JizhiCMS 2.5.4 PluginsController - Server-Side Request Forgery
CVSS 9.1
CVE-2025-1548 LOW
Dreamer CMS 4.1.3 - Cross-Site Scripting via Editor Value Parameter
CVSS 3.5
CVE-2025-1043 MEDIUM
Embed Any Document <= 2.7.5 - Authenticated SSRF via embeddoc Shortcode
CVSS 6.4
CVE-2025-27090 MEDIUM
Sliver 1.5.26-1.5.42 - Server-Side Request Forgery via Reverse Port Forwarding
CVSS 5.3
CVE-2025-1447 MEDIUM
Kasuganosoras Pigeon <1.0.177 - SSRF
CVSS 4.3
CVE-2025-20075 HIGH
FileMegane >3.0.0.0 <3.4.0.0 - SSRF
CVSS 7.2
CVE-2025-25297 HIGH
Label Studio < 1.16.0 - Server-Side Request Forgery via S3 Endpoint Parameter
CVSS 8.6
CVE-2025-26494 HIGH
Tableau Server 2023.3-2023.3.5 - Server-Side Request Forgery
CVSS 7.7
CVE-2025-22399 HIGH
Dell UCC Edge 2.3.0 - Unauthenticated Blind Server-Side Request Forgery via Add Customer SFTP Server
CVSS 7.9
CVE-2025-1211 MEDIUM
Hex hackney < 1.21.0 - Server-Side Request Forgery via URL Parsing Bypass
CVSS 6.5
CVE-2025-25194 MEDIUM
Lemmy <= 0.19.8 ActivityPub Federation - Webfinger Server-Side Request Forgery
CVSS 4.0
CVE-2025-21177 HIGH
Microsoft Dynamics 365 Sales - Server-Side Request Forgery
CVSS 8.7
CVE-2025-25065 MEDIUM
Zimbra Collaboration <10.1.4 - SSRF
CVSS 5.3
CVE-2025-22701 MEDIUM
NotFound Traveler Layout Essential For Elementor <1.0.9 - SSRF
CVSS 5.4
CVE-2025-24354 MEDIUM
imgproxy < 3.27.2 - Server-Side Request Forgery via 0.0.0.0 Address Handling
CVSS 5.3
CVE-2025-24703 MEDIUM
DLX Plugins Comment Edit Core - SSRF
CVSS 4.4
CVE-2025-24701 MEDIUM
Kiboko Labs Chained Quiz <1.3.2.9 - SSRF
CVSS 4.4
CVE-2025-24695 MEDIUM
Extensions For CF7 <= 3.2.0 - Server-Side Request Forgery
CVSS 4.4
CVE-2025-23221 MEDIUM
Fedify 1.0.13-1.0.13, 1.1.0-1.1.10, 1.2.0-1.2.10, 1.3.0-1.3.3 - Denial of Service via Webfinger Mechanism
CVSS 5.4
CVE-2025-0584 MEDIUM
aenrich a+HRD < 7.5 - Unauthenticated Server-Side Request Forgery
CVSS 5.3
CVE-2025-0480 MEDIUM
wuzhicms 4.1.0 - Server-Side Request Forgery via sphinxhost/sphinxport Argument
CVSS 4.3
CVE-2025-22346 MEDIUM
Faizaan Gagan Course Migration for LearnDash <1.0.2 - SSRF
CVSS 6.4
CVE-2025-0474 HIGH
Invoice Ninja 5.8.56-5.11.23 - Authenticated Server-Side Request Forgery
CVSS 7.7
Details
Vulnerabilities 2,714
Links
MITRE CWE Entry Search this CWE With Exploits