Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,756 vulnerabilities with CWE-918

CVE-2022-27311 CRITICAL

Gibbon < 3.4.4 - Server-Side Request Forgery via Crafted URL

CVE-2022-24871 HIGH

Shopware < 6.4.10.1 - Server-Side Request Forgery via Admin SDK

CVE-2022-24862 HIGH

Databasir 1.0.1 - Server-Side Request Forgery via JDBC Driver Download Check

CVE-2022-24825 MEDIUM

stripe/smokescreen < 0.0.3 - Server-Side Request Forgery via Deny List Bypass

CVE-2022-29153 HIGH

HashiCorp Consul <1.9.16-1.11.4 - SSRF

CVE-2022-1037 HIGH

EXMAGE WordPress Plugin < 1.0.7 - Server-Side Request Forgery via Image URL

CVE-2022-27426 HIGH

Chamilo LMS 1.11.0-1.11.15 - Server-Side Request Forgery via Crafted Phar File

CVE-2022-26499 CRITICAL

Asterisk 16.15.0-19.x - Server-Side Request Forgery via STIR/SHAKEN Identity Header

CVE-2022-22339 HIGH

IBM Planning Analytics 2.0 - Authenticated Server-Side Request Forgery

CVE-2022-1213 HIGH

livehelperchat < 3.67 - Server-Side Request Forgery via Port 80/443 Filter Bypass

CVE-2022-1188 LOW

GitLab 12.1-14.7.6, 14.8-14.8.4, 14.9-14.9.1 - Server-Side Request Forgery via Repository Mirroring

CVE-2022-0990 CRITICAL

calibre-web < 0.6.18 - Server-Side Request Forgery

CVE-2022-0939 CRITICAL

calibre-web < 0.6.18 - Server-Side Request Forgery

CVE-2022-0425 MEDIUM

GitLab 7.9-14.7.1 - Server-Side Request Forgery via Irker DNS Rebinding

CVE-2022-1191 HIGH

live_helper_chat < 3.96 - Server-Side Request Forgery via Cobrowse Proxy CSS Endpoint

CVE-2022-27907 MEDIUM

Sonatype Nexus Repository Manager 3.0.0-3.37.0 - Server-Side Request Forgery

CVE-2022-24789 HIGH

C1 CMS < 6.12 - Authenticated Server-Side Request Forgery and Denial of Service

CVE-2022-0249 LOW

GitLab 12.0-14.5.3 - Server-Side Request Forgery via Shared Address Space

CVE-2022-0136 MEDIUM

GitLab 10.5-14.5.4, 14.6-14.6.4, 14.7-14.7.1 - Server-Side Request Forgery via Project Import

CVE-2022-0591 CRITICAL

FormCraft WP <3.8.28 - Server-Side Request Forgery via URL Parameter

CVE-2022-27245 HIGH

MISP < 2.4.156 - Server-Side Request Forgery via generateServerSettings

CVE-2022-0870 MEDIUM

Gogs < 0.12.5 - Server-Side Request Forgery

CVE-2022-24739 HIGH

alltube <3.0.3 - SSRF/Open Redirect

CVE-2022-0767 CRITICAL

janeczku/calibre-web <0.6.17 - SSRF

CVE-2022-0766 CRITICAL

janeczku/calibre-web <0.6.17 - SSRF

Previous Page 86 of 111 Next

Details

Vulnerabilities 2,756

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy