CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1481

1481 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-26013 | LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages — langchain | 3.7 | Low | 2026-02-10 |
| CVE-2026-21512 | Azure DevOps Server Cross-Site Scripting Vulnerability — Azure DevOps Server 2022 | 6.5 | Medium | 2026-02-10 |
| CVE-2025-11242 | SSRF in Teknolist Computer's Okulistik — Okulistik | 9.8 | Critical | 2026-02-10 |
| CVE-2026-25765 | Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url — faraday | 5.8 | Medium | 2026-02-09 |
| CVE-2026-25528 | LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection — langsmith-sdk | 5.8 | Medium | 2026-02-09 |
| CVE-2026-25494 | Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation — cms | 7.5 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25493 | Craft has a SSRF in GraphQL Asset Mutation via HTTP Redirect — cms | 9.1 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2026-25492 | Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host — cms | 6.5 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-0632 | Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' — Fluent Forms Pro Add On Pack | 5.4 | Medium | 2026-02-09 |
| CVE-2026-25904 | Overly permissive Deno configuration in mcp-run-python leads to SSRF | 5.8 | Medium | 2026-02-09 |
| CVE-2026-25123 | Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping — homarr | 5.3 | Medium | 2026-02-06 |
| CVE-2026-25580 | Pydantic AI Affected by Server-Side Request Forgery (SSRF) in URL Download Handling — pydantic-ai | 8.6 | High | 2026-02-06 |
| CVE-2025-68157 | webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects — webpack | 3.7 | Low | 2026-02-05 |
| CVE-2025-68458 | webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior — webpack | 3.7 | Low | 2026-02-05 |
| CVE-2026-1294 | All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint — All In One Image Viewer Block – Gutenberg block to create image viewer with hyperlink | 7.2 | High | 2026-02-05 |
| CVE-2025-62616 | AutoGPT has SSRF vulnerability in SendDiscordFileBlock — AutoGPT | 8.1 (AI) | High (AI) | 2026-02-04 |
| CVE-2025-62615 | AutoGPT has SSRF vulnerability in ReadRSSFeedBlock — AutoGPT | 9.1 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2026-1884 | ZenTao Webhook model.php fetchHook server-side request forgery — ZenTao | 4.7 | Medium | 2026-02-04 |
| CVE-2026-25511 | Group-Office is vulnerable to SSRF and File Read in WOPI service discovery — groupoffice | 6.8 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2026-22247 | GLPI is Vulnerable to SSRF via Webhooks — glpi | 4.1 | Medium | 2026-02-04 |
| CVE-2026-24961 | WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability — Grand Blog | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-13096 | XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow - — Business Automation Workflow containers | 7.1 | High | 2026-02-02 |
| CVE-2026-1518 | Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak — Red Hat Build of Keycloak | 2.7 | Low | 2026-02-02 |
| CVE-2026-24902 | TrustTunnel has SSRF and private network restriction bypass via numeric address destinations — TrustTunnel | 7.1 | High | 2026-01-29 |
| CVE-2026-24767 | NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality — nocodb | 4.9 | Medium | 2026-01-28 |
| CVE-2025-68662 | FinalDestination hostname matching allows SSRF protection bypass — discourse | 7.6 | High | 2026-01-28 |
| CVE-2020-36944 | ILIAS Learning Management System 4.3 - SSRF — ILIAS Learning Management System | 4.0 | Medium | 2026-01-28 |
| CVE-2025-14610 | TableMaster for Elementor <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter — TableMaster for Elementor – Advanced Responsive Tables for Elementor | 7.2 | High | 2026-01-28 |
| CVE-2026-24779 | vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector` — vllm | 7.1 | High | 2026-01-27 |
| CVE-2026-24736 | Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration — squidex | 9.1 | Critical | 2026-01-27 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1481 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.