Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,750 vulnerabilities with CWE-918

CVE-2022-41477 CRITICAL

WeBid <=1.2.2 - Server-Side Request Forgery via Theme Parameter

CVE-2022-36802 MEDIUM

Atlassian Jira Align < 10.109.2 - Server-Side Request Forgery via ManageJiraConnectors API

CVE-2022-41497 CRITICAL

ClipperCMS 1.3.3 - Server-Side Request Forgery via pkg_url Parameter

CVE-2022-41496 CRITICAL

iCMS v7.0.16 - Server-Side Request Forgery via URL Parameter

CVE-2022-41495 CRITICAL

ClipperCMS 1.3.3 - Server-Side Request Forgery via RSS URL News Parameter

CVE-2022-36551 MEDIUM

Heartex - Label Studio Community Edition <1.5.0 - SSRF

CVE-2022-41040 HIGH KEV

Microsoft Exchange ProxyNotShell RCE

CVE-2022-35282 MEDIUM

IBM WebSphere Application Server 7.0.0.0-7.0.0.44 - Server-Side Request Forgery

CVE-2022-2352 HIGH

Post SMTP Mailer/Email Log <2.1.7 - SSRF

CVE-2022-23464 MEDIUM

Nepxion Discovery < 6.16.2 - Server-Side Request Forgery via RouterResourceImpl

CVE-2022-39239 MEDIUM

nuxtjs/netlify-ipx < 1.2.3 - Server-Side Request Forgery via Header Injection

CVE-2022-40146 HIGH

Apache Batik 1.14 - Server-Side Request Forgery via Jar URL

CVE-2022-38648 MEDIUM

Apache XML Graphics Batik 1.14 - SSRF

CVE-2022-38398 MEDIUM

Apache XML Graphics Batik <1.14 - SSRF

CVE-2022-40357 CRITICAL

Z-BlogPHP <= 1.7.2 - Server-Side Request Forgery via UEditor Crawler Source Parameter

CVE-2022-38931 HIGH

BaijiaCMS V4 4.1.4 - Server-Side Request Forgery via url Parameter

CVE-2022-30579 HIGH

TIBCO Spotfire Analytics Platform and Spotfire Server 12.0.0 - Server-Side Request Forgery in Web Player

CVE-2022-39211 LOW

Nextcloud Server < 23.0.8 and Nextcloud Enterprise Server < 22.2.10.4 - Server-Side Request Forgery

CVE-2022-2912 MEDIUM

Craw Data < 1.0.0 - Authenticated Server-Side Request Forgery via URL Parameter

CVE-2022-36112 LOW

GLPI < 10.0.3 - Server-Side Request Forgery via RSS Feed or External Calendar

CVE-2022-2900 CRITICAL

parse-url < 8.1.0 - Server-Side Request Forgery

CVE-2022-38298 HIGH

Appsmith v1.7.11 - Authenticated Server-Side Request Forgery via AWS Metadata Endpoint

CVE-2022-38292 CRITICAL

SLiMS Senayan Library Management System <9.4.2 - SSRF

CVE-2022-36376 MEDIUM

Rank Math SEO <= 1.0.95 - Server-Side Request Forgery

CVE-2022-40305 CRITICAL

Canto Cumulus < 11.1.3 - Server-Side Request Forgery via Login Form Server Parameter

Previous Page 82 of 110 Next

Details

Vulnerabilities 2,750

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy