CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1481

1481 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0746 | AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery — AI Engine – The Chatbot, AI Framework & MCP for WordPress | 6.4 | Medium | 2026-01-27 |
| CVE-2025-9522 | Blind Server-Side Request Forgery (SSRF) in Omada Controller — Omada Controller | 7.5 (AI) | High (AI) | 2026-01-26 |
| CVE-2026-0807 | Frontis Blocks <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter — Frontis Blocks — Block Library for the Block Editor | 7.2 | High | 2026-01-24 |
| CVE-2026-24548 | WordPress Radio Player plugin <= 2.0.91 - Server Side Request Forgery (SSRF) vulnerability — Radio Player | 5.4 | Medium | 2026-01-23 |
| CVE-2026-24138 | FOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php` — fogproject | 7.5 | High | 2026-01-23 |
| CVE-2026-24117 | Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL — rekor | 5.3 | Medium | 2026-01-22 |
| CVE-2026-24381 | WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability — PhotoMe | 5.4 | Medium | 2026-01-22 |
| CVE-2026-24360 | WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Server Side Request Forgery (SSRF) vulnerability — Seriously Simple Podcasting | 4.4 | Medium | 2026-01-22 |
| CVE-2026-22482 | WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability — IMGspider | 4.9 | Medium | 2026-01-22 |
| CVE-2026-22358 | WordPress Electrician - Electrical Service WordPress theme <= 5.6 - Server Side Request Forgery (SSRF) vulnerability — Electrician - Electrical Service WordPress | 8.8 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-68030 | WordPress Frontis Blocks plugin <= 1.1.5 - Server Side Request Forgery (SSRF) vulnerability — Frontis Blocks | 9.1 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-67961 | WordPress WPO365 plugin <= 40.0 - Server Side Request Forgery (SSRF) vulnerability — WPO365 | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-64252 | WordPress ANAC XML Viewer plugin <= 1.8.2 - Server Side Request Forgery (SSRF) vulnerability — ANAC XML Viewer | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-62741 | WordPress Pool Services theme <= 3.3 - Server Side Request Forgery (SSRF) vulnerability — Pool Services | 5.4 | Medium | 2026-01-22 |
| CVE-2026-24048 | Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow` — backstage | 3.5 | Low | 2026-01-21 |
| CVE-2026-1180 | Org.keycloak.protocol.oidc: blind server-side request forgery (ssrf) in keycloak oidc dynamic client registration via jwks_uri — Red Hat build of Keycloak 26.4 | 5.8 | Medium | 2026-01-20 |
| CVE-2026-22219 | Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element — Chainlit | 8.1 (AI) | High (AI) | 2026-01-19 |
| CVE-2026-23845 | Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API — mailpit | 5.8 | Medium | 2026-01-19 |
| CVE-2026-1062 | xiweicheng TMS HtmlUtil.java summary server-side request forgery — TMS | 6.3 | Medium | 2026-01-17 |
| CVE-2026-0682 | Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter — Church Admin | 2.2 | Low | 2026-01-17 |
| CVE-2025-15104 | Nu Html Checker (validator.nu) - Restriction bypass vulnerability allowing local SSRF — The Nu Html Checker | 7.5 | - | 2026-01-16 |
| CVE-2025-14793 | DK PDF – WordPress PDF Generator <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery — DK PDF – WordPress PDF Generator | 5.0 | Medium | 2026-01-16 |
| CVE-2026-23768 | Lucy-XSS security vulnerability — lucy-xss-filter | - | - | 2026-01-16 |
| CVE-2021-47776 | Umbraco v8.14.1 - 'baseUrl' SSRF — Umbraco | 5.3 | Medium | 2026-01-15 |
| CVE-2026-0600 | Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration — Nexus Repository | 4.9 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2026-0532 | External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector — Kibana | 8.6 | High | 2026-01-14 |
| CVE-2025-14613 | GetContentFromURL <= 1.0 - Authenticated (Contributor+) Server-Side Request Forgery via 'url' Shortcode Attribute — GetContentFromURL | 7.2 | High | 2026-01-14 |
| CVE-2026-20958 | Microsoft SharePoint Information Disclosure Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 5.4 | Medium | 2026-01-13 |
| CVE-2025-67685 | Fortinet FortiSandbox code issue vulnerability — FortiSandbox | 3.4 | Low | 2026-01-13 |
| CVE-2026-22805 | Metabase channel test endpoint can reach internal local addresses — metabase | 8.2 (AI) | High (AI) | 2026-01-12 |

1481 CVEs are classified as CWE-918 (Server-Side Request Forgery (SSRF)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.