Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,742 vulnerabilities with CWE-918

CVE-2023-35817 MEDIUM

DevExpress < 23.1.3 - Server-Side Request Forgery via AsyncDownloader

CVE-2023-6195 LOW

GitLab CE/EE <16.9.7, <16.10.5, <16.11.2 - SSRF

CVE-2023-50733 HIGH

Lexmark Web Services - Server-Side Request Forgery

CVE-2023-50913 CRITICAL

Oxide control plane software < 5 - Server-Side Request Forgery

CVE-2023-37230 HIGH

Loftware Spectrum < 5.1 - Server-Side Request Forgery via testDeviceConnection

CVE-2023-37229 HIGH

Loftware Spectrum < 5.1 - Server-Side Request Forgery

CVE-2023-31456 MEDIUM

Fluid Topics < 4.3 - Authenticated Server-Side Request Forgery

CVE-2023-50952 MEDIUM

IBM InfoSphere Information Server 11.7 - Authenticated Server-Side Request Forgery

CVE-2023-45195 MEDIUM

AdminerEvo < 4.8.4 - Unauthenticated Server-Side Request Forgery via Database Connection Fields

CVE-2023-7073 MEDIUM

WordPress Auto Featured Image <4.0.0 - SSRF

CVE-2023-46784 HIGH

ICS Calendar <10.12.0.3 - Path Traversal

CVE-2023-46295 CRITICAL

Teledyne FLIR M300 2.00-19 - Unauthenticated Remote Code Execution via PHP Page

CVE-2023-7253 MEDIUM

Import WP < 2.13.1 - Authenticated Server-Side Request Forgery

CVE-2023-6805 MEDIUM

RSS Aggregator by Feedzy < 4.4.7 - Authenticated Blind Server-Side Request Forgery via fetch_feed

CVE-2023-40148 MEDIUM

PingFederate 11.0-11.3 - Unauthenticated Server-Side Request Forgery

CVE-2023-6964 HIGH

Kadence Blocks < 3.1.26 - Authenticated SSRF via kadence_import_get_new_connection_data

CVE-2023-45705 LOW

HCL BigFix Platform 10.0.0-10.0.10 - Authenticated Server-Side Request Forgery via SMTP Configuration

CVE-2023-50374 MEDIUM

CMP - Coming Soon & Maintenance < 4.1.10 - Server-Side Request Forgery

CVE-2023-39313 HIGH

ThemeFusion Avada < 7.11.1 - Authenticated Server-Side Request Forgery

CVE-2023-36679 HIGH

Brainstorm Force Spectra <= 2.6.6 - Server-Side Request Forgery

CVE-2023-34370 HIGH

Brainstorm Force Starter Templates - SSRF

CVE-2023-49785 CRITICAL

NextChat < 2.11.2 - Server-Side Request Forgery and Cross-Site Scripting

CVE-2023-47635 MEDIUM

Decidim 0.23.0-0.27.4 - Server-Side Request Forgery via Questionnaire Templates Preview

CVE-2023-5122 MEDIUM

Grafana CSV Datasource Plugin - Server-Side Request Forgery via Bare Host URL

CVE-2023-6294 HIGH

Popup Builder < 4.2.6 - Authenticated Server-Side Request Forgery via Unvalidated Parameter

Previous Page 69 of 110 Next

Details

Vulnerabilities 2,742

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy