CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1481

1481 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-22772	Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass — fulcio	5.8	Medium	2026-01-12
CVE-2025-13393	Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' — Featured Image from URL (FIFU)	4.3	Medium	2026-01-10
CVE-2026-22597	Ghost has SSRF via External Media Inliner — Ghost	6.5	-	2026-01-10
CVE-2026-22245	Mastodon has SSRF Protection bypass — mastodon	9.4	-	2026-01-08
CVE-2026-21885	Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources — v2	6.5	Medium	2026-01-08
CVE-2025-22726	WordPress nK Themes Helper plugin <= 1.7.9 - Server Side Request Forgery (SSRF) vulnerability — nK Themes Helper	6.4	Medium	2026-01-08
CVE-2026-21859	Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF) — mailpit	5.8	Medium	2026-01-07
CVE-2019-25290	INIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImage — Smartliving SmartLAN/G/SI	5.3	Medium	2026-01-07
CVE-2025-69222	LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions — LibreChat	9.1	Critical	2026-01-07
CVE-2025-58441	Knowage is vulnerable to blind server-side request forgery (SSRF) — Knowage-Server	5.3	-	2026-01-07
CVE-2025-49335	WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability — External Media	4.9	Medium	2026-01-07
CVE-2026-0649	invoiceninja Migration Import Import.php copy server-side request forgery — invoiceninja	4.7	Medium	2026-01-07
CVE-2025-14438	Xagio SEO <= 7.1.0.30 - Authenticated (Subscriber+) Server-Side Request Forgery — Xagio SEO – AI Powered SEO	6.4	Medium	2026-01-06
CVE-2025-68437	Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation — cms	9.1	-	2026-01-05
CVE-2026-21433	Emlog vulnerable to Server-Side Request Forgery (SSRF) — emlog	7.7	High	2026-01-02
CVE-2025-15414	go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery — sonic	4.7	Medium	2026-01-01
CVE-2025-14627	WP Import – Ultimate CSV XML Importer for WordPress <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress	6.4	Medium	2026-01-01
CVE-2025-34469	Cowrie < 2.9.0 Unrestricted wget/curl Emulation Enables SSRF-Based DDoS Amplification — Cowrie	7.5	-	2025-12-31
CVE-2025-62088	WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability — WordPress & WooCommerce Scraper Plugin, Import Data from Any Site	5.4	Medium	2025-12-31
CVE-2025-59138	WordPress Genemy theme <= 1.6.6 - Server Side Request Forgery (SSRF) vulnerability — Genemy	4.9	Medium	2025-12-31
CVE-2025-15373	EyouCMS function.php saveRemote server-side request forgery — EyouCMS	6.3	Medium	2025-12-31
CVE-2025-15264	FeehiCMS TimThumb timthumb.php server-side request forgery — FeehiCMS	7.3	High	2025-12-30
CVE-2025-69014	WordPress Youzify plugin <= 1.3.7 - Server Side Request Forgery (SSRF) vulnerability — Youzify	4.9	Medium	2025-12-30
CVE-2025-68893	WordPress WordPress Image shrinker plugin <= 1.1.0 - Server Side Request Forgery (SSRF) vulnerability — WordPress Image shrinker	4.9	Medium	2025-12-29
CVE-2025-69206	Hemmelig has SSRF Filter bypass in Secret Request functionality — Hemmelig.app	4.3	Medium	2025-12-29
CVE-2025-15098	YunaiV yudao-cloud Business Process Management BpmSyncHttpRequestTrigger server-side request forgery — yudao-cloud	6.3	Medium	2025-12-26
CVE-2019-25251	Teradek VidiU Pro 3.0.3 Server-Side Request Forgery via RTMP Settings — VidiU Pro	6.5	Medium	2025-12-24
CVE-2025-68600	WordPress Link Library plugin <= 7.8.7 - Server Side Request Forgery (SSRF) vulnerability — Link Library	4.9	Medium	2025-12-24
CVE-2025-67623	WordPress 6Storage Rentals plugin <= 2.22.0 - Server Side Request Forgery (SSRF) vulnerability — 6Storage Rentals	5.4	Medium	2025-12-24
CVE-2025-68500	WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability — Prime Slider – Addons For Elementor	4.9	Medium	2025-12-24

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1481 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1481