CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1485

1485 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-28987	WordPress PressForward <= 5.9.4 - Server Side Request Forgery (SSRF) vulnerability — PressForward	6.4	Medium	2025-08-14
CVE-2025-53760	Microsoft SharePoint Elevation of Privilege Vulnerability — Microsoft SharePoint Enterprise Server 2016	7.1	High	2025-08-12
CVE-2025-7622	AXIS Camera Station和AXIS Camera Station Pro 安全漏洞 — AXIS Camera Station Pro	6.5^AI	Medium^AI	2025-08-12
CVE-2025-55161	Stirling-PDF SSRF vulnerability on /api/v1/convert/markdown/pdf — Stirling-PDF	8.6	High	2025-08-11
CVE-2025-55150	Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf — Stirling-PDF	8.6	High	2025-08-11
CVE-2025-55151	Stirling-PDF SSRF vulnerability on /api/v1/convert/file/pdf — Stirling-PDF	8.6	High	2025-08-11
CVE-2025-25235	Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability — Secure Email Gateway	8.6	High	2025-08-11
CVE-2025-8772	Vinades NukeViet Module index.php server-side request forgery — NukeViet	4.3	Medium	2025-08-09
CVE-2025-4655	Liferay Portal和Liferay DXP 代码问题漏洞 — Portal	9.1	-	2025-08-09
CVE-2025-4581	Liferay Portal和Liferay DXP 代码问题漏洞 — Portal	9.1	-	2025-08-09
CVE-2025-53767	Azure OpenAI Elevation of Privilege Vulnerability — Azure Open AI	10.0	Critical	2025-08-07
CVE-2025-8529	cloudfavorites favorites-web CollectController.java getCollectLogoUrl server-side request forgery — favorites-web	6.3	Medium	2025-08-04
CVE-2025-8527	Exrick xboot Swagger SecurityController.java server-side request forgery — xboot	6.3	Medium	2025-08-04
CVE-2025-8520	givanz Vvveb Drag-and-Drop Editor editor server-side request forgery — Vvveb	4.7	Medium	2025-08-04
CVE-2025-8341	SSRF in Infinity Datasource Plugin — grafana-infinity-datasource	5.0	Medium	2025-08-04
CVE-2025-54132	Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch — cursor	4.4	Medium	2025-08-01
CVE-2025-54590	webfinger.js is vulnerable to Blind SSRF attacks through localhost — webfinger.js	8.2	-	2025-08-01
CVE-2025-52567	GLPI has overly permissive URL verification — glpi	3.5	Low	2025-07-30
CVE-2025-54381	BentoML is Vulnerable to an SSRF Attack Through File Upload Processing — BentoML	9.9	Critical	2025-07-29
CVE-2025-24485	MedDream PACS Premium 代码问题漏洞 — MedDream PACS Premium	5.8	Medium	2025-07-28
CVE-2025-8267	SSRF Check 安全漏洞 — ssrfcheck	8.2	High	2025-07-28
CVE-2025-8228	yanyutao0402 ChanCMS getPages server-side request forgery — ChanCMS	6.3	Medium	2025-07-27
CVE-2025-52455	Salesforce Tableau 安全漏洞 — Tableau Server	5.4	-	2025-07-25
CVE-2025-52454	Salesforce Tableau Server 安全漏洞 — Tableau Server	6.5	-	2025-07-25
CVE-2025-52453	Salesforce Tableau 安全漏洞 — Tableau Server	4.3	-	2025-07-25
CVE-2025-8133	yanyutao0402 ChanCMS gather.js getArticle server-side request forgery — ChanCMS	6.3	Medium	2025-07-25
CVE-2025-8020	private-ip 安全漏洞 — private-ip	8.2	High	2025-07-23
CVE-2025-5818	Featured Image Plus – Quick & Bulk Edit with Unsplash <= 1.6.6 - Authenticated (Admin+) Server-Side Request Forgery — Featured Image Plus – Bulk Edit Featured Images, Unsplash & Alt Text Manager	5.5	Medium	2025-07-23
CVE-2025-54122	Manager-io/Manager allows unauthenticated full read server-side request forgery in "proxy" endpoint — Manager	10.0	Critical	2025-07-21
CVE-2025-46385	Emby Windows 代码问题漏洞 — Windows	8.6	High	2025-07-20

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1485 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1485