CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1481

1481 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-69299 | WordPress Oxygen theme <= 6.0.8 - Server Side Request Forgery (SSRF) vulnerability — Oxygen | 9.1 AI | Critical AI | 2026-02-20 |
| CVE-2026-26324 | OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable) — openclaw | 7.5 | High | 2026-02-19 |
| CVE-2026-26322 | OpenClaw Gateway tool allowed unrestricted gatewayUrl override — openclaw | 7.6 | High | 2026-02-19 |
| CVE-2025-8055 | SSRF vulnerability have been discovered in OpenText™ XM Fax — XM Fax | 9.1 AI | Critical AI | 2026-02-19 |
| CVE-2026-26286 | SillyTavern has Server-Side Request Forgery (SSRF) via Asset Download Endpoint that Allows Reading Internal Services — SillyTavern | 6.5 | - | 2026-02-19 |
| CVE-2026-26339 | Hyland Alfresco Transformation Service Argument Injection RCE — Alfresco Transformation Service (Enterprise) | 9.8 | Critical | 2026-02-19 |
| CVE-2026-26338 | Hyland Alfresco Transformation Service SSRF — Alfresco Transformation Service (Enterprise) | 9.8 | Critical | 2026-02-19 |
| CVE-2026-2274 | Arbitrary File Read and SSRF in Google AppSheet — AppSheet Web (Main Server) | 6.5 AI | Medium AI | 2026-02-19 |
| CVE-2026-25428 | WordPress TS Poll plugin <= 2.5.5 - Server Side Request Forgery (SSRF) vulnerability — TS Poll | 9.8 AI | Critical AI | 2026-02-19 |
| CVE-2026-25385 | WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerability — URL Shortify | 7.5 AI | High AI | 2026-02-19 |
| CVE-2026-25310 | WordPress Extend Link plugin <= 2.0.0 - Server Side Request Forgery (SSRF) vulnerability — Extend Link | 9.1 AI | Critical AI | 2026-02-19 |
| CVE-2026-23803 | WordPress Smart Auto Upload Images plugin <= 1.2.2 - Server Side Request Forgery (SSRF) vulnerability — Smart Auto Upload Images | 7.2 | Medium | 2026-02-19 |
| CVE-2026-2711 | zhutoutoutousan worldquant-miner URL ssrf_proxy.py server-side request forgery — worldquant-miner | 5.6 | Medium | 2026-02-19 |
| CVE-2025-12375 | Printful Integration for WooCommerce <= 2.2.11 - Authenticated (Contributor+) Server-Side Request Forgery — Printful Integration for WooCommerce | 6.4 | Medium | 2026-02-19 |
| CVE-2026-2654 | huggingface smolagents LocalPythonExecutor requests.post server-side request forgery — smolagents | 6.3 | Medium | 2026-02-18 |
| CVE-2026-1857 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | 4.3 | Medium | 2026-02-18 |
| CVE-2025-36243 | Multiple Vulnerabilities in IBM Concert Software. — Concert | 5.4 | Medium | 2026-02-17 |
| CVE-2026-2558 | GeekAI net_handler.go Download server-side request forgery — GeekAI | 6.3 | Medium | 2026-02-16 |
| CVE-2026-2556 | cskefu Endpoint MediaController.java server-side request forgery — cskefu | 6.3 | Medium | 2026-02-16 |
| CVE-2026-2532 | lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery — DeepAudit | 6.3 | Medium | 2026-02-16 |
| CVE-2026-2531 | MindsDB File Upload security.py clear_filename server-side request forgery — MindsDB | 6.3 | Medium | 2026-02-16 |
| CVE-2026-1249 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery — MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | 5.0 | Medium | 2026-02-14 |
| CVE-2026-0745 | User Language Switch <= 1.6.10 - Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter — User Language Switch | 5.5 | Medium | 2026-02-14 |
| CVE-2026-25991 | Tandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe Import — recipes | 7.7 | High | 2026-02-13 |
| CVE-2026-26005 | ClipBucket v5 enables internal network scans via an SSRF vulnerability — clipbucket-v5 | 5.0 | Medium | 2026-02-12 |
| CVE-2026-1356 | Converter for Media – Optimize images \| Convert WebP & AVIF <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src — Converter for Media – Optimize images \| Convert WebP & AVIF | 4.8 | Medium | 2026-02-12 |
| CVE-2026-26019 | @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation — langchainjs | 4.1 | Medium | 2026-02-11 |
| CVE-2025-12073 | Server-Side Request Forgery (SSRF) in GitLab — GitLab | 4.3 | Medium | 2026-02-11 |
| CVE-2025-12575 | Server-Side Request Forgery (SSRF) in GitLab — GitLab | 5.4 | Medium | 2026-02-11 |
| CVE-2026-25870 | DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF — DoraCMS | 5.8 | Medium | 2026-02-10 |

1481 CVEs are classified as CWE-918 (Server-Side Request Forgery (SSRF)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.