Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,740 vulnerabilities with CWE-918

CVE-2024-34580 MEDIUM

Apache XML Security for C++ <2.0.4 - SSRF

CVE-2024-29173 MEDIUM

Dell PowerProtect DD < 7.13 - Server-Side Request Forgery

CVE-2024-5015 HIGH

WhatsUp Gold < 23.1.3 - Authenticated Server-Side Request Forgery in SessionController

CVE-2024-5014 HIGH

WhatsUp Gold < 23.1.3 - Authenticated Server-Side Request Forgery via GetASPReport Feature

CVE-2024-5746 HIGH

GitHub Enterprise Server < 3.9.16 - Authenticated Remote Code Execution via SSRF

CVE-2024-37818 HIGH

strapi.io Image Proxy - Server-Side Request Forgery

CVE-2024-5021 CRITICAL

WordPress Picture/Portfolio/Media Gallery <3.0.1 - SSRF

CVE-2024-4404 HIGH

ElementsKit PRO <= 3.6.2 - Authenticated Server-Side Request Forgery via render_raw Function

CVE-2024-37164 HIGH

CVAT 2.1.0-2.14.3 - Server-Side Request Forgery via Cloud Storage Endpoint URL

CVE-2024-34111 MEDIUM

Adobe Commerce 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier - Authenticated Server-Side Request Forgery

CVE-2024-36471 HIGH

Apache Allura 1.0.1-1.16.0 - Server-Side Request Forgery via Import Functionality

CVE-2024-36414 HIGH

SuiteCRM < 7.14.4 - Server-Side Request Forgery via Connectors File Verification

CVE-2024-4354 MEDIUM

TablePress <= 2.3 - Authenticated Server-Side Request Forgery via get_files_to_import()

CVE-2024-5328 CRITICAL

lunary - Server-Side Request Forgery via SAML IDP XML Download Endpoint

CVE-2024-5186 HIGH

privategpt 0.5.0 - Server-Side Request Forgery via File Upload Path Parameter

CVE-2024-4851 HIGH

Quivr 0.0.204 - Server-Side Request Forgery via Crawl URL Parameter

CVE-2024-3149 HIGH

AnythingLLM Upload Link - Manager Server-Side Request Forgery

CVE-2024-3095 HIGH

langchain 0.1.5-<0.2.9 - Server-Side Request Forgery via Web Research Retriever

CVE-2024-5482 CRITICAL

lollms_web_ui - Server-Side Request Forgery via add_webpage Endpoint

CVE-2024-4325 HIGH

gradio < 4.41.0 - Server-Side Request Forgery via /queue/join Endpoint

CVE-2024-3152 HIGH

mintplex-labs/anything-llm - Privilege Escalation, SSRF

CVE-2024-4177 HIGH

Bitdefender GravityZone < 6.38.1-2 - Server-Side Request Forgery via Host Whitelist Parser

CVE-2024-20404 HIGH

Cisco Finesse - Unauthenticated Server-Side Request Forgery

CVE-2024-5526 HIGH

Grafana OnCall 1.1.37-1.5.1 - Server-Side Request Forgery via Webhook Functionality

CVE-2024-4084 HIGH

AnythingLLM URL Validation Bypass - Server-Side Request Forgery

Previous Page 62 of 110 Next

Details

Vulnerabilities 2,740

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy