CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
2,740 vulnerabilities with CWE-918
CVE-2024-39739
MEDIUM
IBM Datacap Navigator 9.1.5-9.1.9 - Authenticated Server-Side Request Forgery
CVSS 5.4
CVE-2024-40544
HIGH
PublicCMS < 4.0.202302.e - Server-Side Request Forgery via Maintenance SysTask Edit
CVSS 8.8
CVE-2024-40543
HIGH
PublicCMS < 4.0.202302.e - Server-Side Request Forgery via /admin/ueditor?action=catchimage
CVSS 8.8
CVE-2024-32987
HIGH
Microsoft SharePoint Server - Information Disclosure
CVSS 7.5
CVE-2024-37171
MEDIUM
SAP Transportation Management Collaboration Portal - Server-Side Request Forgery
CVSS 5.0
CVE-2024-34689
MEDIUM
SAP Business Workflow WebFlow - Authenticated Internal Endpoint Enumeration
CVSS 5.0
CVE-2024-39598
MEDIUM
SAP CRM WebClient UI Framework - Authenticated Server-Side Request Forgery
CVSS 5.0
CVE-2024-39699
MEDIUM
Directus < 10.9.3 - Server-Side Request Forgery via Redirect Bypass
CVSS 5.0
CVE-2024-31897
MEDIUM
IBM Cloud Pak for Business Automation <23.0.2 - SSRF
CVSS 4.3
CVE-2024-6095
MEDIUM
mudler/localai < 2.17.0 - Server-Side Request Forgery and Partial Local File Inclusion via /models/apply Endpoint
CVSS 5.8
CVE-2024-37260
HIGH
Theme-Ruby Foxiz <= 2.3.5 - Server-Side Request Forgery
CVSS 7.2
CVE-2024-37208
MEDIUM
Robert Macchi WP Scraper <5.7 - SSRF
CVSS 4.9
CVE-2024-34361
HIGH
Pi-hole <5.18.3 - Command Injection
CVSS 8.5
CVE-2024-39687
HIGH
Fedify < 0.9.2, 0.10.0, 0.11.0 - Server-Side Request Forgery via ActivityPub Resource Resolution
CVSS 7.2
CVE-2024-29319
CRITICAL
Volmarg Personal Management System 1.4.64 - SSRF
CVSS 9.8
CVE-2024-6524
MEDIUM
ShopXO < 6.1.0 - Server-Side Request Forgery via Uploader.php Source Parameter
CVSS 5.5
CVE-2024-37157
MEDIUM
Discourse < 3.2.3 and < 3.3.0.beta4 - Server-Side Request Forgery via FastImage Library
CVSS 6.4
CVE-2024-38472
HIGH
Apache HTTP Server 2.4.0-2.4.59 - Server-Side Request Forgery via UNC Path Handling
CVSS 7.5
CVE-2024-6424
CRITICAL
MESbook 20221021.03 - Unauthenticated Server-Side Request Forgery via Proxy Endpoint
CVSS 9.3
CVE-2024-38514
HIGH
NextChat <2.12.4 - Server-Side Request Forgery via WebDav endpoint
CVSS 7.4
CVE-2024-5736
HIGH
AdmirorFrames < 5.0 - Server-Side Request Forgery via afGdStream.php
CVSS 7.5
CVE-2024-5885
HIGH
Quivr 0.0.236 - Server-Side Request Forgery via Website Crawler
CVSS 8.6
CVE-2024-5822
CRITICAL
ChuanhuChatGPT <= 20240410-git.zip - SSRF via Upload Interface
CVSS 9.8
CVE-2024-37098
MEDIUM
BlossomThemes Email Newsletter <= 2.2.6 - Server-Side Request Forgery
CVSS 4.4
CVE-2024-34581
HIGH
W3C XML Signature Syntax - SSRF
CVSS 7.3