Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,748 vulnerabilities with CWE-918

CVE-2023-4624 LOW

bookstackapp/bookstack <v23.08 - SSRF

CVE-2023-40017 HIGH

GeoNode 3.2.0-4.1.2 - Server-Side Request Forgery via Proxy Endpoint

CVE-2023-37379 HIGH

Apache Airflow < 2.7.0 - Authenticated Denial of Service via Connection Test Feature

CVE-2023-37440 MEDIUM

Aruba EdgeConnect SD-WAN Orchestrator < 9.3.1 - Unauthenticated Server-Side Request Forgery

CVE-2023-24515 MEDIUM

Pandora FMS < 767 - Server-Side Request Forgery via API Checker URL Scheme

CVE-2023-35011 MEDIUM

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 - Authenticated Server-Side Request Forgery

CVE-2023-40033 HIGH

Flarum < 1.8.0 - Authenticated Server-Side Request Forgery via File Upload MIME Spoofing

CVE-2023-3958 HIGH

WP Remote Users Sync <= 1.2.12 - Authenticated Server-Side Request Forgery via notify_ping_remote AJAX Function

CVE-2023-26442 LOW

Open-Xchange App Suite Cacheservice - Sproxyd Redirect Server-Side Request Forgery

CVE-2023-26438 MEDIUM

Open-Xchange App Suite - JDK DNS Cache Server-Side Request Forgery

CVE-2023-39110 HIGH

rconfig v3.9.4 - Authenticated Server-Side Request Forgery via path parameter

CVE-2023-39109 HIGH

rconfig v3.9.4 - Authenticated Server-Side Request Forgery via path_a Parameter

CVE-2023-39108 HIGH

rconfig 3.9.4 - Authenticated Server-Side Request Forgery via path_b Parameter

CVE-2023-3981 MEDIUM

Omeka < 4.0.2 - Server-Side Request Forgery

CVE-2023-37290 HIGH

InfoDoc Document System - Unauthenticated SSRF via HTML to PDF Conversion

CVE-2023-29260 MEDIUM

IBM Sterling Connect:Express for UNIX 1.5 - SSRF

CVE-2023-3577 LOW

Mattermost 7.8.0-7.8.6 - Blind Server-Side Request Forgery via Interactive Dialog

CVE-2023-32052 MEDIUM

Microsoft Power Apps < 9.2.23042 - Spoofing

CVE-2023-36925 HIGH

SAP Solution Manager 7.20 - Unauthenticated Server-Side Request Forgery

CVE-2023-3578 MEDIUM

dedecms 5.7.109 - Server-Side Request Forgery via co_do.php rssurl Parameter

CVE-2023-37262 CRITICAL

CC: Tweaked < 1.16.5-1.101.3 - Server-Side Request Forgery via Unrestricted Cloud Metadata Endpoints

CVE-2023-37261 CRITICAL

OpenComputers 1.2.0-1.8.3 - Server-Side Request Forgery via Internet Card Feature

CVE-2023-35175 CRITICAL

HP LaserJet Pro MFP M478-M479 & M453-M454 < 002_2322c - RCE & Privilege Escalation via SSRF

CVE-2023-3432 CRITICAL

PlantUML < 1.2023.9 - Server-Side Request Forgery

CVE-2023-33176 MEDIUM

BigBlueButton <2.5.18 - Server-Side Request Forgery via insertDocument URL

Previous Page 75 of 110 Next

Details

Vulnerabilities 2,748

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy