Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,748 vulnerabilities with CWE-918

CVE-2023-26366 MEDIUM

Adobe Commerce <=2.4.7-beta1, <=2.4.6-p2, <=2.4.5-p4, <=2.4.4-p5 - SSRF

CVE-2023-41763 MEDIUM KEV

Skype for Business Server - Server-Side Request Forgery

CVE-2023-42477 MEDIUM

SAP NetWeaver AS Java 7.50 - Server-Side Request Forgery in GRMG Heartbeat Application

CVE-2023-39854 MEDIUM

ATX Ucrypt < 3.5 - Authenticated Server-Side Request Forgery via /hydra/view/get_cc_url Parameter

CVE-2023-44384 MEDIUM

discourse_jira < 2023-10-01 - Authenticated Server-Side Request Forgery via Jira URL Configuration

CVE-2023-3744 CRITICAL

SLims 9.6.0 - Authenticated Server-Side Request Forgery via scrape_image.php imageURL Parameter

CVE-2023-44469 MEDIUM

LemonLDAP::NG < 2.17.1 - Authenticated Server-Side Request Forgery via OpenID Connect request_uri Parameter

CVE-2023-43654 CRITICAL

TorchServe 0.1.0-0.8.1 - Server-Side Request Forgery via Model URL Parameter

CVE-2023-41449 CRITICAL

phpkobo AjaxNewsTicker 1.0.5 - Remote Code Execution via reque Parameter

CVE-2023-42812 MEDIUM

Galaxy < 22.05 - Server-Side Request Forgery via URI Handling

CVE-2023-42450 MEDIUM

Mastodon 4.2.0-beta1 to 4.2.0-rc1 - HTTP Request Injection

CVE-2023-3025 HIGH

Dropbox Folder Share plugin for WordPress <=1.9.7 - SSRF

CVE-2023-42439 HIGH

GeoNode 3.2.0-4.1.3 - Server-Side Request Forgery via Whitelist Bypass

CVE-2023-42398 CRITICAL

zzCMS 2023 - Code Execution and Information Disclosure via ueditor

CVE-2023-4893 MEDIUM

Crayon Syntax Highlighter <2.8.4 - SSRF

CVE-2023-4878 MEDIUM

InstantCMS < 2.16.1-git - Server-Side Request Forgery

CVE-2023-41327 MEDIUM

WireMock Studio < 2.32.0-17 - Server-Side Request Forgery via Webhooks Configuration

CVE-2023-39967 CRITICAL

WireMock Studio < 2.32.0-17 - Server-Side Request Forgery via TestRequester, Webhooks, or Proxy Mode

CVE-2023-41937 HIGH

Jenkins Bitbucket Push and Pull Request Plugin 2.4.0-2.8.3 - Server-Side Request Forgery via Webhook Payload

CVE-2023-36388 MEDIUM

Apache Superset <= 2.1.0 - Authenticated Server-Side Request Forgery via Network Connection Test

CVE-2023-41055 HIGH

LibreY <commit be59098abd119cda70b15bf3faac596dfd39a744 - SSRF

CVE-2023-41054 HIGH

LibreY <8f9b9803f231e2954e5b49987a532d28fe50a627 - SSRF

CVE-2023-36088 HIGH

NebulaGraph Studio 3.7.0 - Server-Side Request Forgery

CVE-2023-40969 MEDIUM

Senayan Library Management Systems SLIMS 9 Bulian <9.6.1 - SSRF

CVE-2023-4651 MEDIUM

instantcms < 2.16.1 - Server-Side Request Forgery

Previous Page 74 of 110 Next

Details

Vulnerabilities 2,748

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy