CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,740 vulnerabilities with CWE-918
CVE-2024-29029 MEDIUM
Memos 0.13.2 - Cross-Site Scripting & SSRF
CVSS 6.1
CVE-2024-29030 MEDIUM
Memos 0.13.2 - Server-Side Request Forgery
CVSS 5.8
CVE-2024-29028 MEDIUM
Memos 0.13.2 - Server-Side Request Forgery
CVSS 5.8
CVE-2024-2796 CRITICAL
Akana API Platform <2022.1.3 - SSRF
CVSS 9.3
CVE-2024-29021 CRITICAL
Judge0 <=1.13.0 - Server-Side Request Forgery Sandbox Escape to Root
CVSS 9.0
CVE-2024-31229 MEDIUM
Really Simple Plugins Really Simple SSL - SSRF
CVSS 5.5
CVE-2024-29035 MEDIUM
Umbraco CMS 13.0.0-13.1.0 - Server-Side Request Forgery via Webhook Logs
CVSS 4.1
CVE-2024-22329 MEDIUM
IBM WebSphere Application Server <9.0 - SSRF
CVSS 4.3
CVE-2024-30256 MEDIUM
Open WebUI < 0.1.117 - Authenticated Blind Server-Side Request Forgery
CVSS 6.4
CVE-2024-22262 HIGH
UriComponentsBuilder - SSRF/Open Redirect
CVSS 8.1
CVE-2024-32430 MEDIUM
ActiveCampaign < 8.1.14 - Server-Side Request Forgery
CVSS 4.4
CVE-2024-32454 MEDIUM
Wappointment < 2.6.0 - Server-Side Request Forgery
CVSS 4.4
CVE-2024-31461 CRITICAL
Plane < 0.17-dev - Server-Side Request Forgery
CVSS 9.1
CVE-2024-3448 MEDIUM
Mautic < 4.4.9 - Server-Side Request Forgery via AJAX Plugin Focus Check Iframe Availability
CVSS 5.0
CVE-2024-2343 MEDIUM
Avada < 7.11.6 - Authenticated Server-Side Request Forgery via form_to_url_action
CVSS 6.4
CVE-2024-1812 HIGH
Everest Forms < 2.0.8 - Unauthenticated Server-Side Request Forgery via Font URL Parameter
CVSS 7.2
CVE-2024-1233 HIGH
WildFly Elytron Realm Token - Server-Side Request Forgery via JwtValidator.resolvePublicKey
CVSS 7.3
CVE-2024-27898 MEDIUM
SAP NetWeaver - Server-Side Request Forgery via Crafted Request
CVSS 5.3
CVE-2024-31288 HIGH
RapidLoad Power-Up for Autoptimize <2.2.11 - SSRF
CVSS 7.2
CVE-2024-27620 HIGH
Ladder 0.0.1-0.0.21 - Server-Side Request Forgery
CVSS 7.5
CVE-2024-31215 MEDIUM
Mobile Security Framework < 3.9.8 - Server-Side Request Forgery via Firebase Database Check
CVSS 6.3
CVE-2024-29007 HIGH
Apache CloudStack 4.9.1.0-4.18.1.0 - Server-Side Request Forgery via HTTP Redirect Handling
CVSS 7.3
CVE-2024-20332 MEDIUM
Cisco Identity Services Engine - Authenticated Server-Side Request Forgery
CVSS 5.5
CVE-2024-25864 CRITICAL
Friendica > 2023.12 - Server-Side Request Forgery via fpostit.php
CVSS 9.1
CVE-2024-30532 MEDIUM
Builderall Builder for WordPress <2.0.1 - SSRF
CVSS 4.9