Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918

CVE-2021-20347 MEDIUM

IBM Engineering Lifecycle Management - Authenticated Server-Side Request Forgery

CVE-2021-20346 MEDIUM

IBM Jazz Foundation & IBM Engineering - SSRF

CVE-2021-20345 MEDIUM

IBM Jazz Foundation & IBM Engineering - SSRF

CVE-2021-20343 MEDIUM

IBM Jazz Foundation/Engineering - SSRF

CVE-2021-33184 HIGH

Synology Download Station <3.8.15-3563 - SSRF

CVE-2021-33181 MEDIUM

Synology Video Station <2.4.10-1632 - SSRF

CVE-2021-25640 MEDIUM

Apache Dubbo 2.5.0-2.6.8 and 2.7.0-2.7.9 - Server-Side Request Forgery via parseURL Host Check Bypass

CVE-2021-21985 CRITICAL KEV

VMware vCenter Server - Remote Code Execution via Virtual SAN Health Check Plugin

CVE-2021-30108 CRITICAL

Feehi CMS 2.1.1 - Server-Side Request Forgery via HTTP Referer Header

CVE-2021-33511 HIGH

Plone < 5.2.4 - Server-Side Request Forgery via lxml Parser

CVE-2021-33510 MEDIUM

Plone < 5.2.4 - Authenticated Server-Side Request Forgery via Event iCal URL

CVE-2021-20535 MEDIUM

IBM Jazz Reporting Service <7.0.2 - SSRF

CVE-2021-31910 HIGH

JetBrains TeamCity < 2020.2.3 - Server-Side Request Forgery

CVE-2021-31828 HIGH

Amazon Open Distro for Elasticsearch < 1.13.1.0 - Authenticated Server-Side Request Forgery via Alerting Plugin

CVE-2021-29490 MEDIUM

jellyfin < 10.7.3 - Unauthenticated Server-Side Request Forgery via imageUrl Parameter

CVE-2021-29145 CRITICAL

Aruba ClearPass 6.7.0-6.7.14 - Server-Side Request Forgery

CVE-2021-31779 MEDIUM

Yoast SEO < 7.2.1 - Authenticated Server-Side Request Forgery

CVE-2021-29475 CRITICAL

HedgeDoc < 1.5.0 - Server-Side Request Forgery via PDF Export

CVE-2021-29431 HIGH

Sydent < 2.3.0 - Server-Side Request Forgery via HTTP GET Request

CVE-2021-28060 MEDIUM

Group Office 6.4.196 - Server-Side Request Forgery via URL Parameter

CVE-2021-27905 CRITICAL

Apache Solr < 8.8.2 - Server-Side Request Forgery via ReplicationHandler masterUrl Parameter

CVE-2021-29357 HIGH

OutSystems Platform Server SSRF via ECT Provider (10 < 10.0.1104.0, 11 < 11.9.0, LifeTime < 11.7.0)

CVE-2021-20480 MEDIUM

IBM WebSphere Application Server <8.6 - SSRF

CVE-2021-24150 HIGH

LikeBtn WordPress Like Button < 2.6.32 - Unauthenticated Server-Side Request Forgery

CVE-2021-28941 MEDIUM

MagpieRSS 0.72 - Server-Side Request Forgery via Snoopy curl Request

Previous Page 93 of 111 Next

Details

Vulnerabilities 2,758

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy