CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1481

1481 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12388 | B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery — Carousel Block – Responsive Image and Content Carousel | 6.4 | Medium | 2025-11-05 |
| CVE-2025-11917 | WPeMatico RSS Feed Fetcher <= 2.8.11 - Authenticated (Subscriber+) Server-Side Request Forgery via wpematico_test_feed — WPeMatico RSS Feed Fetcher | 6.4 | Medium | 2025-11-05 |
| CVE-2025-62719 | LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality — LinkAce | 4.3 AI | Medium AI | 2025-11-04 |
| CVE-2025-59837 | astro allows bypass of image proxy domain validation leading to SSRF and potential XSS — astro | 7.2 | High | 2025-10-28 |
| CVE-2025-36085 | Multiple Vulnerabilities in IBM Concert Software. — Concert | 5.4 | Medium | 2025-10-28 |
| CVE-2025-62988 | WordPress Slider Templates plugin <= 1.0.3 - Server Side Request Forgery (SSRF) vulnerability — Slider Templates | 4.9 | Medium | 2025-10-27 |
| CVE-2025-10861 | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request Forgery — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | 7.5 | High | 2025-10-24 |
| CVE-2025-5350 | SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products — WSO2 Identity Server | 5.9 | Medium | 2025-10-24 |
| CVE-2025-12136 | Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint — Real Cookie Banner: GDPR & ePrivacy Cookie Consent | 6.8 | Medium | 2025-10-24 |
| CVE-2025-59503 | Azure Compute Resource Provider Elevation of Privilege Vulnerability — Azure Compute Resource Provider | 10.0 | Critical | 2025-10-23 |
| CVE-2025-10705 | MxChat – AI Chatbot for WordPress <= 2.4.6 - Unauthenticated Blind Server-Side Request Forgery — MxChat – AI Chatbot & Content Generation for WordPress | 5.3 | Medium | 2025-10-23 |
| CVE-2025-11128 | Feedzy RSS Feeds Lite <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery — RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | 5.0 | Medium | 2025-10-23 |
| CVE-2025-62612 | FastGPT File Reading Node SSRF Vulnerability — FastGPT | 9.1 AI | Critical AI | 2025-10-22 |
| CVE-2025-49917 | WordPress Icegram Express Pro plugin <= 5.9.5 - Server Side Request Forgery (SSRF) vulnerability — Icegram Express Pro | 8.1 AI | High AI | 2025-10-22 |
| CVE-2025-49374 | WordPress Captcha.eu plugin <= 1.0.61 - Server Side Request Forgery (SSRF) vulnerability — Captcha.eu | 5.4 | Medium | 2025-10-22 |
| CVE-2025-62763 | Zimbra Collaboration code issue vulnerability — Collaboration | 5.0 | Medium | 2025-10-21 |
| CVE-2025-11536 | Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery — Element Pack – Widgets, Templates & Addons for Elementor | 5.0 | Medium | 2025-10-20 |
| CVE-2025-11361 | Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | 6.4 | Medium | 2025-10-18 |
| CVE-2025-34282 | ThingsBoard < v4.2.1 SVG Image SSRF — ThingsBoard | 8.1 AI | High AI | 2025-10-17 |
| CVE-2025-62505 | SSRF in lobehub/lobe-chat with native web fetch module — lobe-chat | 3.0 | Low | 2025-10-17 |
| CVE-2025-11864 | NucleoidAI Nucleoid Outbound Request cluster.ts extension.apply server-side request forgery — Nucleoid | 7.3 | High | 2025-10-16 |
| CVE-2025-62427 | Server-Side Request Forgery (SSRF) in Angular SSR — angular-cli | 9.1 AI | Critical AI | 2025-10-16 |
| CVE-2025-10056 | Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery — Task Scheduler | 4.4 | Medium | 2025-10-15 |
| CVE-2025-11674 | PiExtract\|SOOP-CLM - Server-Side Request Forgery — SOOP-CLM | 6.8 | Medium | 2025-10-13 |
| CVE-2025-11648 | Tomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery — Furbo 360 | 5.6 | Medium | 2025-10-12 |
| CVE-2025-11636 | Tomofun Furbo 360 Account server-side request forgery — Furbo 360 | 5.6 | Medium | 2025-10-12 |
| CVE-2025-31993 | HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF) — Unica Centralized Offer Management | 3.5 | Low | 2025-10-12 |
| CVE-2025-9975 | WP Scraper <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery — WP Scraper | 6.8 | Medium | 2025-10-11 |
| CVE-2025-59146 | New API has Authenticated Server-Side Request Forgery (SSRF) issue — new-api | 8.5 | High | 2025-10-09 |
| CVE-2025-9868 | Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin — Nexus Repository | 7.5 AI | High AI | 2025-10-08 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1481 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.