CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1481

1481 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3789 | Bytedesk SpringAIGiteeRestController SpringAIGiteeRestService.java getModels server-side request forgery — Bytedesk | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3788 | Bytedesk SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels server-side request forgery — Bytedesk | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3750 | ContiNew Admin Storage Management S3ClientFactory.java URI.create server-side request forgery — ContiNew Admin | 4.7 | Medium | 2026-03-08 |
| CVE-2026-3733 | xuxueli xxl-job JobInfoController.java server-side request forgery — xxl-job | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3683 | bufanyun HotGo Endpoint upload.go ImageTransferStorage server-side request forgery — HotGo | 6.3 | Medium | 2026-03-07 |
| CVE-2026-3681 | welovemedia FFmate webhook.go fireWebhook server-side request forgery — FFmate | 6.3 | Medium | 2026-03-07 |
| CVE-2026-30858 | WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources — WeKnora | 6.5 | Medium | 2026-03-07 |
| CVE-2026-30832 | Soft Serve: SSRF via unvalidated LFS endpoint in repo import — soft-serve | 9.1 | Critical | 2026-03-07 |
| CVE-2026-30834 | PinchTab: SSRF with Full Response Exfiltration via Download Handler — pinchtab | 7.5 | High | 2026-03-07 |
| CVE-2026-27797 | Homarr: Unauthenticated SSRF in rssFeed.ts — homarr | 5.3 | Medium | 2026-03-07 |
| CVE-2026-30840 | Wallos: Server-Side Request Forgery (SSRF) in Notification Testers — Wallos | 9.8 | - | 2026-03-07 |
| CVE-2026-30839 | Wallos: SSRF via webhook test endpoint — Wallos | 6.5 | - | 2026-03-07 |
| CVE-2026-30247 | WeKnora: SSRF via Redirection — WeKnora | 5.9 | Medium | 2026-03-07 |
| CVE-2026-30242 | Plane: SSRF via Incomplete IP Validation in Webhook URL Serializer — plane | 8.5 | High | 2026-03-06 |
| CVE-2026-30844 | Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading — Wekan | 9.1 | - | 2026-03-06 |
| CVE-2026-29178 | Lemmy: Unauthenticated SSRF via file_type query parameter injection in image endpoint — lemmy | 7.5 | - | 2026-03-06 |
| CVE-2026-28680 | Ghostfolio: Full-Read SSRF in Manual Asset Import — ghostfolio | 9.3 | Critical | 2026-03-06 |
| CVE-2026-28677 | OpenSift: Insufficient URL destination restrictions in ingest flow could enable SSRF-style internal access — OpenSift | 8.2 | High | 2026-03-06 |
| CVE-2026-28508 | Idno: Unauthenticated SSRF via URL Unfurl Endpoint — idno | 6.5 | - | 2026-03-06 |
| CVE-2026-28476 | OpenClaw < 2026.2.14 - Server-Side Request Forgery in Tlon Extension Authentication — OpenClaw | 8.3 | High | 2026-03-05 |
| CVE-2026-28467 | OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration — OpenClaw | 6.5 | Medium | 2026-03-05 |
| CVE-2026-27023 | Twenty: SSRF protection bypass via HTTP redirect following in secure HTTP client — twenty | 5.0 | Medium | 2026-03-05 |
| CVE-2026-28036 | WordPress Ratatouille theme <= 1.2.6 - Server Side Request Forgery (SSRF) vulnerability — Ratatouille | 9.1 | - | 2026-03-05 |
| CVE-2026-3125 | SSRF vulnerability in opennextjs-cloudflare via /cdn-cgi/ path normalization bypass — @opennextjs/cloudflare | 9.1 (AI) | Critical (AI) | 2026-03-04 |
| CVE-2026-1273 | PostX <= 5.0.8 - Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | 7.2 | High | 2026-03-04 |
| CVE-2026-27600 | HomeBox affected by Blind SSRF — homebox | 5.0 | Medium | 2026-03-03 |
| CVE-2025-64427 | ZimaOS is vulnerable to Server-Side Request Forgery (SSRF) — ZimaOS | 7.1 | High | 2026-03-02 |
| CVE-2025-50199 | Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF) — chamilo-lms | 9.1 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2024-50337 | Chamilo: Potential unauthenticated blind SSRF via openid function — chamilo-lms | 5.3 | Medium | 2026-03-02 |
| CVE-2026-27759 | Featured Image from Content < 1.7 Authenticated SSRF via save_post — Featured Image from Content | 8.1 | - | 2026-02-27 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1481 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.