Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,723 vulnerabilities with CWE-918

CVE-2024-9870 MEDIUM

GitLab 15.11-17.6.5, 17.7-17.7.4, 17.8-17.8.2 - Server-Side Request Forgery

CVE-2024-52606 LOW

SolarWinds Platform < 2025.1 - Server-Side Request Forgery

CVE-2024-56471 MEDIUM

IBM Aspera Shares <1.10.0 PL6 - SSRF

CVE-2024-56470 MEDIUM

IBM Aspera Shares <1.10.0 PL6 - SSRF

CVE-2024-44055 MEDIUM

Oshine Modules < 3.3.8 - Unauthenticated Server-Side Request Forgery

CVE-2024-10705 MEDIUM

Multiple Page Generator Plugin - MPG < 4.0.5 - Authenticated Server-Side Request Forgery via mpg_download_file_by_link

CVE-2024-13450 LOW

The Contact Form by Bit Form <2.17.4 - SSRF

CVE-2024-11913 MEDIUM

Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated Blind Server-Side Request Forgery via ajax_preview_link

CVE-2024-43710 MEDIUM

Kibana 8.7.0-8.14.3 - Server-Side Request Forgery via Fleet Health Check API

CVE-2024-42182 LOW

BigFix Patch Download Plug-ins - SSRF

CVE-2024-13360 MEDIUM

AI Power WordPress Plugin <=1.8.96 - Subscriber Server-Side Request Forgery

CVE-2024-45479 CRITICAL

Apache Ranger 2.4.0 - Server-Side Request Forgery in Edit Service Page

CVE-2024-57252 MEDIUM

otcms <= 7.46 - Server-Side Request Forgery via /admin/read.php

CVE-2024-52602 MEDIUM

matrix-media-repo < 1.3.8 - Server-Side Request Forgery

CVE-2024-52594 MEDIUM

gomatrixserverlib - Server-Side Request Forgery

CVE-2024-57767 HIGH

wangl1989/mysiteforme < 2025-01-01 - Server-Side Request Forgery via /file/download

CVE-2024-42168 HIGH

HCL MyXalytics - Out-of-Band Resource Load via HTTP

CVE-2024-6155 MEDIUM

Greenshift < 9.0.1 - Authenticated SSRF & Stored XSS via SVG Upload

CVE-2024-53705 HIGH

SonicWall SonicOS SSH Management - Server-Side Request Forgery

CVE-2024-13195 MEDIUM

donglight bookstore 1.0.0 - Server-Side Request Forgery via HttpUtil.getHtml URL Parameter

CVE-2024-54819 CRITICAL

I, Librarian <= 5.11.1 - Server-Side Request Forgery via Improper Input Validation

CVE-2024-56279 MEDIUM

Compact WP Audio Player <1.9.14 - SSRF

CVE-2024-56275 MEDIUM

Envato Envato Elements <2.0.14 - SSRF

CVE-2024-13139 MEDIUM

wangl1989 mysiteforme 1.0 - Server-Side Request Forgery via FileController doContent Function

CVE-2024-12237 MEDIUM

Photo Gallery Slideshow & Masonry Tiled Gallery <1.0.15 - SSRF

Previous Page 54 of 109 Next

Details

Vulnerabilities 2,723

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy