Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,740 vulnerabilities with CWE-918

CVE-2024-48234 MEDIUM

mipjz 5.0.5 - Server-Side Request Forgery via PostAddress Parameter

CVE-2024-48232 MEDIUM

Mipjz 5.0.5 mipPost postAddress - Server-Side Request Forgery File Read

CVE-2024-48450 MEDIUM

Huly Platform 0.6.295 - Arbitrary File Upload and Remote Code Execution via Crafted HTML File

CVE-2024-47883 CRITICAL

OpenRefine Butterfly < 1.2.6 - Path Traversal and Server-Side Request Forgery via file:/ URL

CVE-2024-45518 HIGH

Zimbra Collaboration <10.1.1-8.8.15 - SSRF

CVE-2024-49312 MEDIUM

Edwiser Bridge <= 3.0.7 - Server-Side Request Forgery

CVE-2024-46468 HIGH

jpress <= 5.1.1 - Server-Side Request Forgery

CVE-2024-47830 CRITICAL

plane < 0.23.0 - Server-Side Request Forgery via Image Hostname Wildcard

CVE-2024-45317 HIGH

SonicWall SMA1000 <= 12.4.3-02676 - Unauthenticated Server-Side Request Forgery

CVE-2024-47167 CRITICAL

Gradio < 5.0 queue/join - Server-Side Request Forgery

CVE-2024-8977 HIGH

GitLab 15.10-17.2.8, 17.3-17.3.4, 17.4-17.4.1 - Server-Side Request Forgery via Product Analytics Dashboard

CVE-2024-45119 MEDIUM

Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier - Authenticated Server-Side Request Forgery

CVE-2024-47008 HIGH

Ivanti Avalanche < 6.4.5 - Unauthenticated Server-Side Request Forgery

CVE-2024-45291 MEDIUM

PhpSpreadsheet Image Embedding - File Read and Server-Side Request Forgery

CVE-2024-45290 HIGH

PHPSpreadsheet <1.29.2, >=2.2.0 <2.3.0 - Absolute Path Traversal via Crafted XLSX File

CVE-2024-9410 MEDIUM

Ada.cx Sentry Data Scraping Endpoint - Blind Server-Side Request Forgery

CVE-2024-45843 LOW

Mattermost 9.5.0-9.5.8 - Server-Side Request Forgery via Oracle Cloud and Alibaba Metadata Endpoints

CVE-2024-47222 CRITICAL

New Cloud MyOffice SDK Collaborative Editing Server <2.9 - SSRF

CVE-2024-40441 MEDIUM

Doccano <v1.8.4, v0.1.23 - Privilege Escalation

CVE-2024-47066 CRITICAL

lobehub/lobe_chat < 1.19.13 - Server-Side Request Forgery via Redirect Bypass

CVE-2024-43989 HIGH

Firsh Justified Image Grid <4.6.1 - SSRF

CVE-2024-46990 MEDIUM

Directus < 10.13.3 - Improper Access Control via Loopback Device Bypass

CVE-2024-38183 CRITICAL

GroupMe - Unauthenticated Privilege Escalation

CVE-2024-47049 HIGH

czim/file-handling <1.5.0, <2.3.0 - SSRF & Path Traversal

CVE-2024-6587 HIGH

litellm 1.38.10 - Server-Side Request Forgery via api_base Parameter

Previous Page 58 of 110 Next

Details

Vulnerabilities 2,740

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy