Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,749 vulnerabilities with CWE-918

CVE-2023-28111 MEDIUM

Discourse < 3.1.0 - Server-Side Request Forgery via IPv4-Mapped IPv6 Address Bypass

CVE-2023-28155 MEDIUM

Request < 2.88.1 - Server-Side Request Forgery via Cross-Protocol Redirect

CVE-2023-27896 MEDIUM

SAP BusinessObjects Business Intelligence Platform 420, 430 - Server-Side Request Forgery

CVE-2023-27271 MEDIUM

SAP BusinessObjects Web Services <430 - DoS

CVE-2023-26459 HIGH

SAP NetWeaver AS for ABAP and ABAP Platform <791 - Info Disclosure

CVE-2023-27161 HIGH

Jellyfin < 10.7.7 - Server-Side Request Forgery via /Repositories Component

CVE-2023-25230 MEDIUM

Loonflow r2.0.14 - Server-Side Request Forgery via hook_url Parameter

CVE-2023-26492 MEDIUM

Directus <9.23.0 - Server-Side Request Forgery via File Import DNS Rebinding

CVE-2023-20062 MEDIUM

Cisco Unified Intelligence Center - SSRF

CVE-2023-1046 MEDIUM

MuYuCMS 2.2 - Server-Side Request Forgery via getFile url Parameter

CVE-2023-22936 MEDIUM

Splunk Enterprise < 8.1.13, 8.2.10, 9.0.4 & Splunk Cloud < 9.0.2209.3 - SSRF via search_listener

CVE-2023-25162 MEDIUM

Nextcloud Server < 23.0.12 - Server-Side Request Forgery via IP Filter Bypass

CVE-2023-25557 HIGH

DataHub < 0.8.45 - Server-Side Request Forgery via Frontend Proxy

CVE-2023-0574 MEDIUM

YugabyteDB Managed 2.0.0.0-2.13.0.0 - Server-Side Request Forgery

CVE-2023-23943 MEDIUM

Nextcloud Mail < 1.15.0 - Server-Side Request Forgery via SMTP/IMAP/Sieve Host Fields

CVE-2023-24623 HIGH

paranoidhttp < 0.3.0 - Server-Side Request Forgery via IPv6 Loopback Bypass

CVE-2023-24622 MEDIUM

safeurl-python < 1.2 - Server-Side Request Forgery via isInList Regular Expression

CVE-2023-24060 MEDIUM

Haven 5d15944 - Authenticated Server-Side Request Forgery via Feed URL Parameter

CVE-2023-24495 MEDIUM

Tenable.sc 5.23.1 - Authenticated Server-Side Request Forgery

CVE-2023-23560 CRITICAL

Lexmark B2236/B2338/B2442/B2546/B2650/B2865/B3340/B3442/C2240/C2325/C2326/C2425/C2535/C3224/C3326 Firmware SSRF

CVE-2023-20002 MEDIUM

Cisco TelePresence CE - Auth Bypass

CVE-2023-22493 HIGH

RSSHub < 2023-01-10 - Server-Side Request Forgery via Affected Routes

CVE-2023-21761 HIGH

Microsoft Exchange Server - Info Disclosure

CVE-2022-25777 MEDIUM

Mautic < 4.4.12 - Authenticated Server-Side Request Forgery

CVE-2022-1751 HIGH

Skitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request Forgery via image.php

Previous Page 78 of 110 Next

Details

Vulnerabilities 2,749

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy