CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1485

1485 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-7787	Xuxueli xxl-job SampleXxlJob.java httpJobHandler server-side request forgery — xxl-job	6.3	Medium	2025-07-18
CVE-2025-7759	thinkgem JeeSite UEditor Image Grabber ActionEnter.java server-side request forgery — JeeSite	6.3	Medium	2025-07-17
CVE-2025-20288	Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability — Cisco Unified Contact Center Express	5.8	Medium	2025-07-16
CVE-2024-9408	Eclipse GlassFish 代码问题漏洞 — Eclipse Glassfish	9.8	-	2025-07-16
CVE-2025-48294	WordPress FG Drupal to WordPress plugin <= 3.90.0 - Server Side Request Forgery (SSRF) Vulnerability — FG Drupal to WordPress	4.4	Medium	2025-07-16
CVE-2025-1220	Null byte termination in hostnames — PHP	3.7	Low	2025-07-13
CVE-2025-53641	Postiz allows header mutation in middleware facilitates resulting in SSRF — postiz-app	8.2	High	2025-07-11
CVE-2025-50125	Schneider Electric EcoStruxure IT Data Center Expert 代码问题漏洞 — EcoStruxure™ IT Data Center Expert	9.8^AI	Critical^AI	2025-07-11
CVE-2025-6851	Broken Link Notifier <= 1.3.0 - Unauthenticated Server-Side Request Forgery — Broken Link Notifier	7.2	High	2025-07-11
CVE-2024-43394	Apache HTTP Server: SSRF on Windows due to UNC paths — Apache HTTP Server	7.5	-	2025-07-10
CVE-2024-43204	Apache HTTP Server: SSRF with mod_headers setting Content-Type header — Apache HTTP Server	5.9^AI	Medium^AI	2025-07-10
CVE-2025-49545	ColdFusion \| Server-Side Request Forgery (SSRF) (CWE-918) — ColdFusion	6.2	Medium	2025-07-08
CVE-2025-0292	Ivanti Connect Secure和Ivanti Policy Secure 代码问题漏洞 — Connect Secure	5.5	Medium	2025-07-08
CVE-2025-42965	Server Side Request Forgery(SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application — SAP BusinessObjects BI Platform Central Management Console Promotion Management Application	4.1	Medium	2025-07-08
CVE-2025-53473	Nimesa Backup and Recovery 代码问题漏洞 — Nimesa Backup and Recovery	9.1^AI	Critical^AI	2025-07-07
CVE-2025-7103	BoyunCMS curl Index.php server-side request forgery — BoyunCMS	6.3	Medium	2025-07-07
CVE-2025-49418	WordPress Allmart plugin <= 1.0.0 - Server Side Request Forgery (SSRF) Vulnerability — Allmart	7.2	High	2025-07-04
CVE-2025-28963	WordPress URL Shortener plugin <= 3.0.7 - Server Side Request Forgery (SSRF) Vulnerability — URL Shortener	5.4	Medium	2025-07-04
CVE-2025-6729	PayMaster for WooCommerce <= 0.4.31 - Authenticated (Subscriber+) Server-Side Request Forgery — PayMaster for WooCommerce	6.4	Medium	2025-07-04
CVE-2025-5817	Amazon Products to WooCommerce <= 1.2.7 - Unauthenticated Server-Side Request Forgery — Amazon Products to WooCommerce	7.2	High	2025-07-02
CVE-2025-34051	AVTECH DVR Devices Server-Side Request Forgery — DVR devices	9.1^AI	Critical^AI	2025-07-01
CVE-2025-52491	Akamai CloudTest 代码问题漏洞 — CloudTest	5.8	Medium	2025-06-30
CVE-2025-53018	Lychee has Server-Side Request Forgery (SSRF) in Photo::fromUrl API via unvalidated remote image URLs — Lychee	3.0	Low	2025-06-27
CVE-2025-6762	diyhi bbs HTTP Header login getUrl server-side request forgery — bbs	6.3	Medium	2025-06-27
CVE-2025-2940	Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated Server-Side Request Forgery — Ninja Tables – Easy Data Table Builder	7.2	High	2025-06-27
CVE-2025-52477	Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow — app	8.6	High	2025-06-26
CVE-2024-51981	Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc. — HL-L8260CDN	5.3	Medium	2025-06-25
CVE-2024-51980	Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc. — HL-L8260CDN	5.3	Medium	2025-06-25
CVE-2025-49852	Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises — iDSecure On-premises	7.5	High	2025-06-24
CVE-2025-2828	SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain — langchain-ai/langchain	7.5	-	2025-06-23

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1485 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1485