Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,740 vulnerabilities with CWE-918

CVE-2024-30531 MEDIUM

Nelio Content < 3.2.0 - Server-Side Request Forgery

CVE-2024-24888 MEDIUM

Kadence WP Gutenberg Blocks <3.2.25 - SSRF

CVE-2024-25187 HIGH

71cms 1.0.0 - Unauthenticated Server-Side Request Forgery via getweather.html

CVE-2024-30453 MEDIUM

Brave Popup Builder < 0.6.5 - Server-Side Request Forgery

CVE-2024-27775 HIGH

SysAid < 23.2.14 b18 - Server-Side Request Forgery

CVE-2024-29090 MEDIUM

Jordy Meow AI Engine: ChatGPT Chatbot <= 2.1.4 - Authenticated Server-Side Request Forgery

CVE-2024-23500 HIGH

Gutenberg Blocks by Kadence Blocks <= 3.2.19 - Server-Side Request Forgery

CVE-2024-0677 MEDIUM

Pz-LinkCard < 2.5.3 - Authenticated Server-Side Request Forgery via Shortcode

CVE-2024-2206 MEDIUM

gradio < 4.18.0 - Server-Side Request Forgery via Proxy Route URL Validation

CVE-2024-28435 MEDIUM

Twenty CRM 0.3.0 - Server-Side Request Forgery via File Upload

CVE-2024-29190 HIGH

MobSF <= 3.9.5 Beta - android:host Server-Side Request Forgery

CVE-2024-2828 MEDIUM

lakernote EasyAdmin < 2024-03-15 - Server-Side Request Forgery via Thumbnail URL Parameter

CVE-2024-2827 MEDIUM

lakernote easyadmin < 2024-03-15 - Server-Side Request Forgery via /ureport/designer/saveReportFile

CVE-2024-27927 MEDIUM

RSSHub <1.0.0-master.a429472 - Server-Side Request Forgery via Arbitrary HTTP Fetch

CVE-2024-24028 MEDIUM

Likeshop < 2.5.7 - Server-Side Request Forgery via Avatar Parameter

CVE-2024-25294 CRITICAL

REBUILD 3.5 - Server-Side Request Forgery via FileDownloader.java Proxy Download URL Parameter

CVE-2024-27098 MEDIUM

GLPI 9.5.0-10.0.12 - Authenticated Server-Side Request Forgery via Arbitrary Object Instantiation

CVE-2024-28752 CRITICAL

Apache CXF < 3.5.8 - Server-Side Request Forgery via Aegis DataBinding

CVE-2024-1884 MEDIUM

PaperCut NG/MF < 20.1.10 - Server-Side Request Forgery

CVE-2024-28668 MEDIUM

DedeCMS 5.7 - Cross-Site Request Forgery in mychannel_add.php

CVE-2024-2049 MEDIUM

Citrix SD-WAN Standard/Premium Editions 11.4.0-11.4.4.46 - Server-Side Request Forgery via Management IP Access

CVE-2024-27707 MEDIUM

Huly Platform 0.6.202 - Server-Side Request Forgery via SVG File Upload

CVE-2024-27565 CRITICAL

ChatGPT-wechat-personal <a0857f6 - SSRF

CVE-2024-27564 MEDIUM

ChatGPT个人专用版 - Server Side Request Forgery

CVE-2024-27563 MEDIUM

WonderCMS 3.1.3 - Server-Side Request Forgery via PluginThemeUrl Parameter

Previous Page 66 of 110 Next

Details

Vulnerabilities 2,740

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy