Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,742 vulnerabilities with CWE-918

CVE-2024-27564 MEDIUM

ChatGPT个人专用版 - Server Side Request Forgery

CVE-2024-27563 MEDIUM

WonderCMS 3.1.3 - Server-Side Request Forgery via PluginThemeUrl Parameter

CVE-2024-27561 HIGH

WonderCMS 3.1.3 - Server-Side Request Forgery via installUpdateThemePluginAction

CVE-2024-2057 MEDIUM

LangChain Community 0.0.26 - Server-Side Request Forgery in TFIDFRetriever load_local

CVE-2024-27949 MEDIUM

Sirv CDN and Image Hosting Sirv <= 7.2.0 - Server-Side Request Forgery

CVE-2024-0403 MEDIUM

Recipes 1.5.10 - Server-Side Request Forgery

CVE-2024-1978 MEDIUM

Friends <= 2.8.5 - Authenticated Server-Side Request Forgery via discover_available_feeds

CVE-2024-26476 LOW

openemr < 7.0.2 - Server-Side Request Forgery via ereq_form.php formid Parameter

CVE-2024-1965 MEDIUM

Haivision's Aviwest Manager & Aviwest Steamhub - SSRF

CVE-2024-1568 MEDIUM

Seraphinite Accelerator <= 2.20.52 - Authenticated Server-Side Request Forgery via OnAdminApi_HtmlCheck

CVE-2024-0759 HIGH

AnythingLLM - Manager-Level Server-Side Request Forgery via Link Scraper

CVE-2024-22873 HIGH

Tencent Blueking CMDB 3.2.2-3.9.47 - Server-Side Request Forgery via Event Subscription Function

CVE-2024-1758 MEDIUM

SuperFaktura WooCommerce <= 1.40.3 - Authenticated Server-Side Request Forgery via wc_sf_url_check Function

CVE-2024-0455 HIGH

AnythingLLM - Authenticated Server-Side Request Forgery via Web Scraper URL Parameter

CVE-2024-0440 MEDIUM

Mintplexlabs AnythingLLM - Server-Side Request Forgery

CVE-2024-0243 HIGH

langchain < 0.1.0 - Server-Side Request Forgery via RecursiveUrlLoader

CVE-2024-25915 MEDIUM

Pexels: Free Stock Photos <= 1.2.2 - Server-Side Request Forgery

CVE-2024-23654 MEDIUM

discourse-ai < 2024-02-21 - Server-Side Request Forgery via AI Service Interaction

CVE-2024-21498 MEDIUM

caddy-security - Server-Side Request Forgery via X-Forwarded-Host Header Manipulation

CVE-2024-23788 HIGH

Sharp JH-RVB1/JH-RV11 Firmware < B0.1.9.1 - Unauthenticated Server-Side Request Forgery

CVE-2024-23761 CRITICAL

Gambio 4.9.2.0 - Remote Code Execution via Smarty Email Template SSTI

CVE-2024-24829 MEDIUM

Sentry 9.1.0-24.1.1 - Server-Side Request Forgery via Phabricator Integration

CVE-2024-24113 HIGH

xxl-job <= 2.4.1 - Server-Side Request Forgery

CVE-2024-24806 HIGH

libuv 1.24.0-1.47.0 - Server-Side Request Forgery via Hostname Truncation

CVE-2024-0628 LOW

WP RSS Aggregator <= 4.23.5 - Authenticated Server-Side Request Forgery via RSS Feed Source

Previous Page 67 of 110 Next

Details

Vulnerabilities 2,742

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy