Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,756 vulnerabilities with CWE-918

CVE-2021-27312 CRITICAL

Gleez CMS 1.2.0 - Server-Side Request Forgery via Request Handler

CVE-2021-35391 HIGH

Deskpro Support Desk <v2021.21.6 - SSRF

CVE-2021-42079 MEDIUM

QuantaStor < 6.0.0.355 - Authenticated Server-Side Request Forgery via Alert Configuration

CVE-2021-36396 HIGH

Moodle - Blind Server-Side Request Forgery via Redirect Handling Bypass

CVE-2021-33926 HIGH

Plone 4.3.2-5.2.4 - Server-Side Request Forgery via RSS Feed Portlet

CVE-2021-43449 HIGH

ONLYOFFICE Server - Server-Side Request Forgery via Document Editor URL Fetch

CVE-2021-37498 MEDIUM

Reprise License Manager < 17.0 - Server-Side Request Forgery via License Activation actserver Parameter

CVE-2021-27693 CRITICAL

PublicCMS < 4.0.202011.b - Server-Side Request Forgery via UEditor Catchimage Action

CVE-2021-43959 MEDIUM

Atlassian Jira Service Management Server & Data Center <4.13.20 - SSRF

CVE-2021-20544 MEDIUM

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2 - Authenticated Server-Side Request Forgery

CVE-2021-20421 MEDIUM

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2 - Authenticated Server-Side Request Forgery

CVE-2021-36761 MEDIUM

Qlik Sense - Server-Side Request Forgery

CVE-2021-41403 CRITICAL

flatCore-CMS 2.0.8 - Server-Side Request Forgery via Dangerous Function Calls

CVE-2021-40604 CRITICAL

IPS Community Suite < 4.6.2 - Authenticated Server-Side Request Forgery via Dynamic Class Name Generation

CVE-2021-40186 MEDIUM

DNN CMS - Server-Side Request Forgery

CVE-2021-40822 HIGH

GeoServer <= 2.18.5 and 2.19.x <= 2.19.2 - Server-Side Request Forgery via Proxy Host Configuration

CVE-2021-36203 MEDIUM

Metasys System Configuration Tool < 14.2.2 - Server-Side Request Forgery

CVE-2021-36202 HIGH

Johnson Controls Metasys <10.1.5, <11.0.2 - SSRF

CVE-2021-33581 HIGH

MashZone NextGen < 10.7 - Server-Side Request Forgery via PPM Connection Availability Check

CVE-2021-44139 HIGH

Sentinel 1.8.2 - Server-Side Request Forgery

CVE-2021-45968 HIGH

Jive XMPP Server - Server-Side Request Forgery via Backend Tomcat Endpoint

CVE-2021-46107 HIGH

Ligeo Archives Ligeo Basics - Server-Side Request Forgery via Download Feature

CVE-2021-45851 HIGH

FUXA 1.1.3 - Server-Side Request Forgery

CVE-2021-39051 MEDIUM

IBM Spectrum Copy Data Management 2.2.0.0-2.2.14.3 - Server-Side Request Forgery via Application Server Registration

CVE-2021-43954 MEDIUM

Atlassian Crucible and Fisheye < 4.8.9 - Server-Side Request Forgery via DefaultRepositoryAdminService

Previous Page 88 of 111 Next

Details

Vulnerabilities 2,756

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy