Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,756 vulnerabilities with CWE-918

CVE-2021-22049 CRITICAL

VMware vCenter Server - Server-Side Request Forgery in vSAN Web Client Plugin

CVE-2021-43780 MEDIUM

Redash < 10.0.1 - Server-Side Request Forgery via URL-Loading Data Sources

CVE-2021-3553 MEDIUM

Bitdefender <6.6.27.390, <7.1.2.33, <6.2.21.160 - SSRF

CVE-2021-3552 MEDIUM

Bitdefender <6.6.27.390, <7.1.2.33 - SSRF

CVE-2021-23718 MEDIUM

ssrf-agent < 1.0.5 - Server-Side Request Forgery via defaultIpChecker Function

CVE-2021-22970 HIGH

Concrete CMS < 8.5.6 and 9.0.0 - Server-Side Request Forgery via Local IP Import

CVE-2021-22969 MEDIUM

Concrete CMS < 8.5.7 - Server-Side Request Forgery via DNS Rebind Attack

CVE-2021-39303 CRITICAL

Jamf Pro < 10.32.0 - Server-Side Request Forgery

CVE-2021-43562 HIGH

pixx.io < 1.0.6 - Authenticated Server-Side Request Forgery via Image Download

CVE-2021-43293 MEDIUM

Sonatype Nexus Repository Manager <3.36.0 - SSRF

CVE-2021-29738 MEDIUM

IBM InfoSphere Information Server 11.7 - Authenticated Server-Side Request Forgery

CVE-2021-29844 HIGH

IBM Jazz Team Server - Authenticated Server-Side Request Forgery

CVE-2021-35512 MEDIUM

Zoho ManageEngine Applications Manager <15200 - SSRF

CVE-2021-41792 MEDIUM

Alfresco Content Services 5.0.0.0-6.2.2.18 SSRF via HTML File Upload

CVE-2021-25972 MEDIUM

Camaleon CMS 2.1.2.0-2.6.0 - Server-Side Request Forgery via Media Upload Feature

CVE-2021-32663 HIGH

iTop < 2.6.5 - Unauthenticated Server-Side Request Forgery

CVE-2021-22033 LOW

VMware vRealize Operations < 8.6.0 - Server-Side Request Forgery

CVE-2021-42091 CRITICAL

Zammad < 4.1.1 - Server-Side Request Forgery via GitHub or GitLab Integration

CVE-2021-22958 CRITICAL

concrete5 <8.5.5 - Server-Side Request Forgery via Decimal IP Bypass

CVE-2021-39894 MEDIUM

GitLab 8.0.0-14.1.7 - Server-Side Request Forgery via Fogbugz Importer DNS Rebinding

CVE-2021-39867 MEDIUM

GitLab 8.15.0-14.1.7 - Server-Side Request Forgery via Gitea Importer

CVE-2021-37223 MEDIUM

Nagios XI <= 5.8.4 - Authenticated Server-Side Request Forgery via schedulereport.php

CVE-2021-37104 HIGH

HUAWEI P40 Firmware 10.1.0.118(C00E116R3P3) - Server-Side Request Forgery

CVE-2021-40109 MEDIUM

Concrete CMS < 8.5.6 - Server-Side Request Forgery via File Upload URL Redirect

CVE-2021-41385 MEDIUM

Securonix SNYPR 6.3.1 - Authenticated SSRF in Third Party Intelligence Connector

Previous Page 90 of 111 Next

Details

Vulnerabilities 2,756

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy