Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,714 vulnerabilities with CWE-918

CVE-2024-48944 MEDIUM

Apache Kylin 5.0.0-5.0.1 - Authenticated Server-Side Request Forgery via Diag API

CVE-2024-13411 MEDIUM

Zapier for WordPress <= 1.5.1 - Authenticated Server-Side Request Forgery via updated_user()

CVE-2024-10207 MEDIUM

B&R APROL < 4.4-00P5 - Authenticated Server-Side Request Forgery

CVE-2024-10206 MEDIUM

B&R APROL < 4.4-00P5 - Unauthenticated Server-Side Request Forgery

CVE-2024-13856 MEDIUM

Make Builder <1.1.10 - SSRF

CVE-2024-48590 CRITICAL

Inflectra SpiraTeam 7.2.00 - Server-Side Request Forgery via NewsReaderService

CVE-2024-13923 HIGH

Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated Server-Side Request Forgery via validate_file()

CVE-2024-9309 CRITICAL

Hliu Llava - Server-Side Request Forgery

CVE-2024-8955 HIGH

Composio 0.4.4 BrowserTool Actions - Server-Side Request Forgery File Read

CVE-2024-8952 HIGH

Composio 0.4.2 WEBTOOL_SCRAPE_WEBSITE_CONTENT - Server-Side Request Forgery

CVE-2024-8099 HIGH

vanna-ai/vanna - Server-Side Request Forgery via DuckDB SQL Query Functions

CVE-2024-7959 HIGH

open-webui 0.3.8 - Server-Side Request Forgery via OpenAI URL Parameter

CVE-2024-12882 HIGH

ComfyUI 0.2.4 Model Download APIs - Server-Side Request Forgery

CVE-2024-12779 HIGH

ragflow 0.12.0 - Server-Side Request Forgery via OPENAITTS api_base Parameter

CVE-2024-12775 MEDIUM

langgenius/dify 0.10.1 - Server-Side Request Forgery via Custom Tool Test API

CVE-2024-12766 HIGH

lollms_web_ui V13 - Server-Side Request Forgery via API Proxy Endpoint

CVE-2024-12450 CRITICAL

ragflow 0.12.0 - Server-Side Request Forgery and Arbitrary File Read via web_crawl URL Parameter

CVE-2024-12392 MEDIUM

binary-husky gpt_academic - Server-Side Request Forgery via Arxiv Paper Download URL

CVE-2024-12376 HIGH

lm-sys fastchat - Server-Side Request Forgery

CVE-2024-12068 HIGH

Hliu Llava - Server-Side Request Forgery

CVE-2024-11822 HIGH

dify 0.9.1 - Server-Side Request Forgery via API Endpoint Parameter

CVE-2024-11603 HIGH

lm-sys fastchat 0.2.36 - Server-Side Request Forgery via Queue Join Endpoint Path Parameter

CVE-2024-11449 HIGH

hliu/large_language_and_vision_assistant 1.2.0 - Server-Side Request Forgery via Path Parameter

CVE-2024-11031 HIGH

binary-husky gpt_academic 3.83 - Server-Side Request Forgery via Markdown_Translate.get_files_from_everything API

CVE-2024-11030 HIGH

GPT Academic 3.83 - Server-Side Request Forgery via HotReload Plugin

Previous Page 52 of 109 Next

Details

Vulnerabilities 2,714

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy