CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1485

1485 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-6517	Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery — MaxKey	6.3	Medium	2025-06-23
CVE-2025-52967	MLflow 代码问题漏洞 — MLflow	5.8	Medium	2025-06-23
CVE-2025-34021	Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery — Targa IP OCR-ANPR Camera	9.1^AI	Critical^AI	2025-06-20
CVE-2025-49983	WordPress WPThumb plugin <= 0.10 - Server Side Request Forgery (SSRF) Vulnerability — WPThumb	4.9	Medium	2025-06-20
CVE-2025-49984	WordPress PowerPress Podcasting plugin <= 11.13.11 - Server Side Request Forgery (SSRF) Vulnerability — PowerPress Podcasting	4.9	Medium	2025-06-20
CVE-2025-49985	WordPress Auto Upload Images plugin <= 3.3.2 - Server Side Request Forgery (SSRF) Vulnerability — Auto Upload Images	4.9	Medium	2025-06-20
CVE-2025-52713	WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Server Side Request Forgery (SSRF) Vulnerability — Post and Page Builder by BoldGrid	6.4	Medium	2025-06-20
CVE-2025-30680	Trend Micro Apex Central 安全漏洞 — Trend Micro Apex Central	7.5	High	2025-06-17
CVE-2025-30679	Trend Micro Apex Central 安全漏洞 — Trend Micro Apex Central	6.5	Medium	2025-06-17
CVE-2025-30678	Trend Micro Apex Central 安全漏洞 — Trend Micro Apex Central	6.5	Medium	2025-06-17
CVE-2025-49877	WordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) Vulnerability — ProfileGrid	4.9	Medium	2025-06-17
CVE-2025-6142	Intera InHire server-side request forgery — InHire	6.3	Medium	2025-06-16
CVE-2025-6087	SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint	9.1^AI	Critical^AI	2025-06-16
CVE-2025-49190	Server-Side Request Forgery — SICK Field Analytics	4.3	Medium	2025-06-12
CVE-2023-48786	Fortinet FortiClientEMS 代码问题漏洞 — FortiClientEMS	4.1	Medium	2025-06-10
CVE-2024-40625	GeoServer Coverage REST API Allows Server Side Request Forgery — geoserver	5.5	Medium	2025-06-10
CVE-2024-29198	GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost — geoserver	7.5	High	2025-06-10
CVE-2025-42988	Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform — SAP Business Objects Business Intelligence Platform	3.7	Low	2025-06-10
CVE-2025-29008	WordPress SocialMark plugin <= 2.0.7 - Server Side Request Forgery (SSRF) Vulnerability — SocialMark	4.9	Medium	2025-06-06
CVE-2025-30976	WordPress Nexa Blocks plugin <= 1.1.1 - Server Side Request Forgery (SSRF) vulnerability — Nexa Blocks	4.9	Medium	2025-06-06
CVE-2025-30997	WordPress Car Repair Services theme <= 5.0 - Server Side Request Forgery (SSRF) Vulnerability — Car Repair Services	5.4	Medium	2025-06-06
CVE-2025-46341	Privilege escalation via SSRF when using HTTP auth — FreshRSS	7.1	High	2025-06-04
CVE-2025-48962	Acronis Cyber Protect 代码问题漏洞 — Acronis Cyber Protect 16	7.5^AI	High^AI	2025-06-04
CVE-2025-5510	quequnlong shiyi-blog optimize server-side request forgery — shiyi-blog	6.3	Medium	2025-06-03
CVE-2024-7073	Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services — WSO2 Identity Server as Key Manager	6.5	Medium	2025-06-02
CVE-2025-5327	chshcms mccms Gf.php index server-side request forgery — mccms	6.3	Medium	2025-05-29
CVE-2025-4967	Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS — Portal for ArcGIS	9.1	Critical	2025-05-29
CVE-2024-52588	Strapi allows Server-Side Request Forgery in Webhook function — strapi	4.9	Medium	2025-05-29
CVE-2025-5276	Markdownify MCP Server 安全漏洞 — mcp-markdownify-server	7.4	High	2025-05-29
CVE-2025-5186	thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery — JeeSite	6.3	Medium	2025-05-26

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1485 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1485