Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,723 vulnerabilities with CWE-918

CVE-2024-56800 HIGH

Firecrawl < 1.1.1 - Server-Side Request Forgery via Malicious Site Redirect

CVE-2024-10044 CRITICAL

lm-sys fastchat - Server-Side Request Forgery via POST /worker_generate_stream Endpoint

CVE-2024-13032 LOW

Antabot White-Jotter <= 0.2.2 - Server-Side Request Forgery via Article Cover URL Parameter

CVE-2024-13029 MEDIUM

Antabot White-Jotter < 0.2.2 - Server-Side Request Forgery via Book Cover URL Parameter

CVE-2024-50714 HIGH

smarts-srl.com Smart Agent <1.1.0 - SSRF

CVE-2024-12989 MEDIUM

WISI Tangram GT31 < 20241214 - Server-Side Request Forgery

CVE-2024-10903 MEDIUM

Broken Link Checker < 2.4.2 - Authenticated Server-Side Request Forgery via URL Validation Bypass

CVE-2024-51463 MEDIUM

IBM i 7.3, 7.4, and 7.5 - Server-Side Request Forgery

CVE-2024-12867 HIGH

Arctic Hub 3.0.1764-5.6.1877 - Unauthenticated Server-Side Request Forgery in URL Mapper

CVE-2024-49336 MEDIUM

IBM Security Guardium 11.5 and 12.0 - Authenticated Server-Side Request Forgery

CVE-2024-12801 LOW

logback-core 1.4.0-1.5.12 and logback 0.1-1.3.14 - Server-Side Request Forgery via DOCTYPE Declaration

CVE-2024-55082 HIGH

Stirling-PDF 0.35.1 - Server-Side Request Forgery via URL-to-PDF Endpoint

CVE-2024-12121 MEDIUM

Broken Link Checker Finder <=2.5.0 - Author Blind Server-Side Request Forgery

CVE-2024-52579 MEDIUM

Misskey < 2024.11.0 - Server-Side Request Forgery via HttpRequestService

CVE-2024-55089 MEDIUM

rhymix < 2.1.24 - Server-Side Request Forgery via XML External Entity Injection

CVE-2024-55086 HIGH

GetSimple CMS CE 3.3.19 - Server-Side Request Forgery via Plugin Download Address

CVE-2024-9624 HIGH

WP All Import Pro <= 4.9.3 - Authenticated Server-Side Request Forgery via pmxi_curl_download

CVE-2024-54385 HIGH

SoftLab Radio Player <2.0.82 - SSRF

CVE-2024-54330 HIGH

Hurrakify <= 2.4 - Server-Side Request Forgery

CVE-2024-11836 HIGH

PlexTrac 1.61.3-2.8.1 - Server-Side Request Forgery

CVE-2024-55875 CRITICAL

http4k-format-xml 5.0.0.0-5.41.0.0 - XML External Entity Injection

CVE-2024-54197 HIGH

SAP NetWeaver Administrator(System Overview) >=LM-CORE 7.50 <LM-CORE 7.50 - Authenticated Server-Side Request Forgery

CVE-2024-47578 CRITICAL

SAP NetWeaver AS for JAVA (Adobe Document Services) - Authenticated Server-Side Request Forgery

CVE-2024-48874 CRITICAL

Ruijie Reyee OS 2.206.x-2.319.x - Server-Side Request Forgery via Proxy Server

CVE-2024-6784 CRITICAL

ABB ASPECT Enterprise NEXUS and MATRIX Series < 3.08.03 - Server-Side Request Forgery

Previous Page 55 of 109 Next

Details

Vulnerabilities 2,723

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy