Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,750 vulnerabilities with CWE-918

CVE-2022-40842 CRITICAL

Ndk design NdkAdvancedCustomizationFields <3.5.0 - SSRF

CVE-2022-4096 MEDIUM

Appsmith < 1.8.2 - Server-Side Request Forgery

CVE-2022-41609 MEDIUM

WordPress Better Messages <1.9.10.68 - SSRF

CVE-2022-43183 HIGH

XXL-Job <2.3.1 - Server-Side Request Forgery via JobLogController

CVE-2022-43140 HIGH

kkFileView 4.1.0 - Server-Side Request Forgery via OnlinePreviewController url Parameter

CVE-2022-42894 HIGH

syngo Dynamics < VA40G HF01 - Unauthenticated Server-Side Request Forgery

CVE-2022-39383 MEDIUM

KubeVela < 1.5.9 and 1.6.0-alpha.1-1.6.2 - Server-Side Request Forgery via Helm Chart Warehouse Request

CVE-2022-41906 HIGH

OpenSearch Notifications < 2.2.1.0 - Server-Side Request Forgery via HTTP Requests

CVE-2022-42494 LOW

All in One SEO Pro <= 4.2.5.1 - Server-Side Request Forgery

CVE-2022-20958 HIGH

Cisco BroadWorks CommPilot Application < 23.0 - Unauthenticated Server-Side Request Forgery

CVE-2022-20951 HIGH

Cisco BroadWorks Messaging Server < 23.0 - Authenticated Server-Side Request Forgery

CVE-2022-39276 LOW

GLPI < 10.0.4 - Server-Side Request Forgery via RSS Feed or External Calendar Redirect

CVE-2022-39241 HIGH

Discourse < 2.8.10 - Authenticated Server-Side Request Forgery via Webhook

CVE-2022-41552 CRITICAL

Hitachi Infrastructure Analytics Advisor <4.4.0-00, Hitachi Ops Cen...

CVE-2022-40296 CRITICAL

php_point_of_sale - Server-Side Request Forgery

CVE-2022-3708 CRITICAL

Web Stories < 1.24.0 - Authenticated Server-Side Request Forgery via Hotlink Proxy REST API

CVE-2022-43776 MEDIUM

Metabase < 0.44.5 - Server-Side Request Forgery via /api/geojson URL Parameter

CVE-2022-36451 HIGH

MiCollab < 9.5.0.101 - Authenticated Server-Side Request Forgery via URL Parameter

CVE-2022-42890 HIGH

Apache Batik < 1.16 - Remote Code Execution via Untrusted SVG JavaScript

CVE-2022-41704 HIGH

Apache XML Graphics <1.16 - Code Injection

CVE-2022-3247 MEDIUM

Blog2Social < 6.9.10 - Authenticated Server-Side Request Forgery via AJAX Action

CVE-2022-38580 CRITICAL

Zalando Skipper < 0.13.237 - Server-Side Request Forgery

CVE-2022-27622 MEDIUM

Synology DiskStation Manager < 7.1-42661 - Authenticated Server-Side Request Forgery via Package Center

CVE-2022-39055 MEDIUM

RAVA Certificate Validation System - URL Parameter Server-Side Request Forgery

CVE-2022-42149 CRITICAL

kkFileView 4.0 - Server-Side Request Forgery via OnlinePreviewController

Previous Page 81 of 110 Next

Details

Vulnerabilities 2,750

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy