Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,723 vulnerabilities with CWE-918

CVE-2024-12450 CRITICAL

ragflow 0.12.0 - Server-Side Request Forgery and Arbitrary File Read via web_crawl URL Parameter

CVE-2024-12392 MEDIUM

binary-husky gpt_academic - Server-Side Request Forgery via Arxiv Paper Download URL

CVE-2024-12376 HIGH

lm-sys fastchat - Server-Side Request Forgery

CVE-2024-12068 HIGH

Hliu Llava - Server-Side Request Forgery

CVE-2024-11822 HIGH

dify 0.9.1 - Server-Side Request Forgery via API Endpoint Parameter

CVE-2024-11603 HIGH

lm-sys fastchat 0.2.36 - Server-Side Request Forgery via Queue Join Endpoint Path Parameter

CVE-2024-11449 HIGH

hliu/large_language_and_vision_assistant 1.2.0 - Server-Side Request Forgery via Path Parameter

CVE-2024-11031 HIGH

binary-husky gpt_academic 3.83 - Server-Side Request Forgery via Markdown_Translate.get_files_from_everything API

CVE-2024-11030 HIGH

GPT Academic 3.83 - Server-Side Request Forgery via HotReload Plugin

CVE-2024-10457 MEDIUM

significant-gravitas/autogpt <0.1.1 - SSRF

CVE-2024-49822 MEDIUM

IBM QRadar Advisor 1.0.0-2.6.5 - Authenticated Server-Side Request Forgery

CVE-2024-13838 MEDIUM

Uncanny Automator < 6.3 - Authenticated Server-Side Request Forgery via call_webhook Method

CVE-2024-13924 MEDIUM

FancyWP Starter Templates <= 2.0.0 - Blind SSRF via http_request_host_is_external

CVE-2024-53696 MEDIUM

QuLog Center 1.7.0-1.7.0.828, QTS 4.5.1-4.5.4.2956, QuTS hero h4.5.0-h4.5.4.2475 - SSRF

CVE-2024-13857 MEDIUM

WPGet API - Connect to any external REST API <= 2.2.10 - Authenticated Server-Side Request Forgery

CVE-2024-13904 MEDIUM

Platform.ly for WooCommerce <= 1.1.6 - Unauthenticated Blind Server-Side Request Forgery via Hooks Function

CVE-2024-13697 MEDIUM

Better Messages < 2.7.4 - Unauthenticated Server-Side Request Forgery via Nice Links

CVE-2024-13907 MEDIUM

Total Upkeep WordPress Plugin <= 1.16.8 - Authenticated SSRF via Download Function

CVE-2024-13905 MEDIUM

OneStore Sites <= 0.1.1 - Unauthenticated Server-Side Request Forgery via class-export.php

CVE-2024-30150 MEDIUM

HCL MyCloud - Unauthenticated Privilege Escalation and Information Disclosure

CVE-2024-13695 MEDIUM

Enfold < 6.0.9 - Authenticated Server-Side Request Forgery via attachment_id Parameter

CVE-2024-37359 HIGH

Hitachi Vantara Pentaho Business Analytics Server <10.2.0.0-9.3.0.9...

CVE-2024-13741 MEDIUM

ProfileGrid <= 5.9.4.2 - Authenticated Limited SSRF via pm_upload_image

CVE-2024-13879 MEDIUM

Stream plugin for WordPress <4.0.2 - SSRF

CVE-2024-13834 MEDIUM

Responsive Plus - Elementor Templates & Starter Sites <= 3.1.4 - Server-Side Request Forgery

Previous Page 53 of 109 Next

Details

Vulnerabilities 2,723

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy