CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1481

1481 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-28423 | Statamic Vulnerable to Server-Side Request Forgery via Glide — cms | 6.8 | Medium | 2026-02-27 |
| CVE-2026-28416 | Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing — gradio | 8.2 | High | 2026-02-27 |
| CVE-2026-3286 | itwanger paicoding Image Save Endpoint ImageRestController.java save server-side request forgery — paicoding | 6.3 | Medium | 2026-02-27 |
| CVE-2026-3270 | psi-probe PSI Probe Whois Whois.java lookup server-side request forgery — PSI Probe | 6.3 | Medium | 2026-02-26 |
| CVE-2026-28295 | Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses — Red Hat Enterprise Linux 10 | 4.3 | Medium | 2026-02-26 |
| CVE-2026-27829 | Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize — astro | 6.5 | Medium | 2026-02-26 |
| CVE-2026-27945 | ZITADEL has potential SSRF via Actions — zitadel | 6.5 AI | Medium AI | 2026-02-26 |
| CVE-2026-27808 | Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API — mailpit | 5.8 | Medium | 2026-02-25 |
| CVE-2026-24005 | OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field — kruise | - | - | 2026-02-25 |
| CVE-2026-27795 | LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader — langchainjs | 4.1 | Medium | 2026-02-25 |
| CVE-2026-27739 | Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline — angular-cli | 9.8 AI | Critical AI | 2026-02-25 |
| CVE-2026-3189 | feiyuchuixue sz-boot-parent download server-side request forgery — sz-boot-parent | 3.1 | Low | 2026-02-25 |
| CVE-2026-27706 | Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature — plane | 7.7 | High | 2026-02-25 |
| CVE-2026-27730 | esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route — esm.sh | 5.3 AI | Medium AI | 2026-02-25 |
| CVE-2025-50180 | esm.sh is vulnerable to full-response SSRF — esm.sh | 7.5 AI | High AI | 2026-02-25 |
| CVE-2026-2479 | Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload — Responsive Lightbox & Gallery | 5.0 | Medium | 2026-02-25 |
| CVE-2026-3163 | SourceCodester Website Link Extractor URL file_get_contents server-side request forgery — Website Link Extractor | 6.3 | Medium | 2026-02-25 |
| CVE-2026-27696 | changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs — changedetection.io | 8.6 | High | 2026-02-25 |
| CVE-2026-27477 | Mastodon has SSRF via unvalidated FASP Provider base_url — mastodon | 6.5 | - | 2026-02-24 |
| CVE-2026-27732 | AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php — AVideo | 8.1 | - | 2026-02-24 |
| CVE-2026-27567 | Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads — payload | 6.5 | Medium | 2026-02-24 |
| CVE-2026-27129 | Cloud Metadata SSRF Protection Bypass via IPv6 Resolution — cms | 7.1 AI | High AI | 2026-02-24 |
| CVE-2026-3052 | DataLinkDC dinky Flink Proxy Controller FlinkProxyController.java proxyUba server-side request forgery — dinky | 6.3 | Medium | 2026-02-24 |
| CVE-2026-25545 | Astro has Full-Read SSRF in error rendering via Host: header injection — astro | 9.1 | - | 2026-02-24 |
| CVE-2026-3026 | erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery — JEEWMS | 7.3 | High | 2026-02-23 |
| CVE-2026-2985 | Tiandy Video Surveillance System 视频监控平台 CLSBODownLoad.java downloadImage server-side request forgery — Video Surveillance System 视频监控平台 | 6.3 | Medium | 2026-02-23 |
| CVE-2026-2945 | JeecgBoot uploadImgByHttp server-side request forgery — JeecgBoot | 6.3 | Medium | 2026-02-22 |
| CVE-2026-27488 | OpenClaw hardened cron webhook delivery against SSRF — openclaw | 7.1 | - | 2026-02-21 |
| CVE-2026-27479 | Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch — Wallos | 7.7 | High | 2026-02-21 |
| CVE-2019-25451 | phpMoAdmin 1.1.5 Cross-Site Request Forgery via moadmin.php — phpMoAdmin | 8.8 | High | 2026-02-20 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1481 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.