Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,740 vulnerabilities with CWE-918

CVE-2024-36675 CRITICAL

lylme_spage 1.9.5 - Server-Side Request Forgery via get_head Function

CVE-2024-4219 MEDIUM

BeyondInsight < 23.2 - Server-Side Request Forgery via HTTP-based Connectors

CVE-2024-35635 MEDIUM

Ninja Tables < 5.0.9 - Server-Side Request Forgery

CVE-2024-35633 MEDIUM

Blocksy Companion <= 2.0.42 - Server-Side Request Forgery

CVE-2024-35637 MEDIUM

Church Admin < 4.3.6 - Server-Side Request Forgery

CVE-2024-4469 HIGH

WP STAGING < 3.5.0 - Authenticated Server-Side Request Forgery

CVE-2024-36427 HIGH

TARGIT Decision Suite <24.06.19002 - Authenticated Code Execution

CVE-2024-29415 HIGH

Node ip package <=2.0.1 - Server-Side Request Forgery via IP Misclassification

CVE-2024-4399 CRITICAL

Apero Central Authentication Service - Unauthenticated Server-Side Request Forgery

CVE-2024-1855 MEDIUM

WPCafe < 2.2.23 - Unauthenticated Server-Side Request Forgery via wpc_check_for_submission

CVE-2024-25738 CRITICAL

VuFind 2.0-9.1 - Server-Side Request Forgery via /Upgrade/FixConfig Route

CVE-2024-5031 HIGH

MemberPress < 1.11.29 - Authenticated Blind Server-Side Request Forgery via mepr-user-file Shortcode

CVE-2024-30420 MEDIUM

a-blog cms 3.0.0-3.0.31 and 3.1.0-3.1.11 - Authenticated Server-Side Request Forgery

CVE-2024-4789 MEDIUM

Cost Calculator Builder Pro <3.1.72 - SSRF

CVE-2024-3970 MEDIUM

OpenText iManager <3.2.6.0200 - SSRF

CVE-2024-3485 MEDIUM

OpenText iManager 3.0-3.2.6 - Server-Side Request Forgery

CVE-2024-4894 MEDIUM

ITPison OMICARD EDM < 6.0 - Unauthenticated Server-Side Request Forgery via URL Parameter

CVE-2024-4562 MEDIUM

WhatsUp Gold < 23.1.2 - Authenticated Server-Side Request Forgery in HTTP Monitoring

CVE-2024-4561 MEDIUM

WhatsUp Gold < 23.1.2 - Server-Side Request Forgery via FaviconController

CVE-2024-0862 MEDIUM

Proofpoint Enterprise Protection - SSRF

CVE-2024-33864 MEDIUM

linqi < 1.4.0.1 - Server-Side Request Forgery via Document Template Generation

CVE-2024-35172 MEDIUM

ShortPixel Adaptive Images <3.8.3 - SSRF

CVE-2024-34351 HIGH

Next.js 13.4.0-14.1.1 - Server-Side Request Forgery via Server Actions Redirect

CVE-2024-33250 HIGH

Open-Source Technology Committee SRS <4.0.268,4.0.195 - RCE

CVE-2024-32964 CRITICAL

lobehub/lobe_chat < 0.150.6 - Unauthenticated Server-Side Request Forgery via /api/proxy Endpoint

Previous Page 63 of 110 Next

Details

Vulnerabilities 2,740

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy