CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1487

1487 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-5276	Markdownify MCP Server 安全漏洞 — mcp-markdownify-server	7.4	High	2025-05-29
CVE-2025-5186	thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery — JeeSite	6.3	Medium	2025-05-26
CVE-2025-5140	Seeyon Zhiyuan OA Web Application System ThirdMenuController.class this.oursNetService.getData server-side request forgery — Zhiyuan OA Web Application System	6.3	Medium	2025-05-25
CVE-2025-48739	StrangeBee TheHive 代码问题漏洞 — TheHive	5.5^AI	Medium^AI	2025-05-23
CVE-2024-13957	SSRF Server Side Request Forgery — ASPECT-Enterprise	7.6	High	2025-05-22
CVE-2025-47936	TYPO3 Vulnerable to Server Side Request Forgery via Webhooks — typo3	3.3	Low	2025-05-20
CVE-2025-36560	appleple a-blog cms 代码问题漏洞 — a-blog cms	8.6	High	2025-05-19
CVE-2025-47791	Nextcloud Server's test remote endpoint is not rate limited — security-advisories	4.3	Medium	2025-05-16
CVE-2025-40595	SonicWALL SMA1000 安全漏洞 — SMA1000	9.1^AI	Critical^AI	2025-05-14
CVE-2024-13940	Ninja Forms Webhooks <= 3.0.7 - Authenticated (Admin+) Server-Side Request Forgery via Form Webhook — Ninja Forms Webhooks	5.5	Medium	2025-05-14
CVE-2025-47733	Microsoft Power Apps Information Disclosure Vulnerability — Microsoft Power Pages	9.1	Critical	2025-05-08
CVE-2025-29972	Azure Storage Resource Provider Spoofing Vulnerability — Azure Storage Resource Provider (SRP)	9.9	Critical	2025-05-08
CVE-2025-47664	WordPress WP Pipes plugin <= 1.4.3 - Server Side Request Forgery (SSRF) Vulnerability — WP Pipes	4.4	Medium	2025-05-07
CVE-2025-47635	WordPress WebinarPress plugin <= 1.33.28 - Server Side Request Forgery (SSRF) Vulnerability — WebinarPress	5.5	Medium	2025-05-07
CVE-2025-47548	WordPress Wbcom Designs - Activity Link Preview For BuddyPress plugin <= 1.4.4 - Server Side Request Forgery (SSRF) Vulnerability — Wbcom Designs - Activity Link Preview For BuddyPress	5.4	Medium	2025-05-07
CVE-2025-47483	WordPress Easy Replace Image plugin <= 3.5.0 - Server Side Request Forgery (SSRF) Vulnerability — Easy Replace Image	4.9	Medium	2025-05-07
CVE-2025-47484	WordPress Display Remote Posts Block plugin <= 1.1.0 - Server Side Request Forgery (SSRF) Vulnerability — Display Remote Posts Block	6.4	Medium	2025-05-07
CVE-2025-47464	WordPress Solace Extra plugin <= 1.3.1 - Server Side Request Forgery (SSRF) Vulnerability — Solace Extra	4.9	Medium	2025-05-07
CVE-2024-55910	IBM Concert Software server-side request forgery — Concert Software	6.5	Medium	2025-05-02
CVE-2025-46568	Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability — Stirling-PDF	7.5^AI	High^AI	2025-05-01
CVE-2024-13845	Gravity Forms WebHooks <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via Webhook — Gravity Forms WebHooks	5.5	Medium	2025-05-01
CVE-2025-2170	SonicWALL SMA1000 安全漏洞 — SMA1000	9.8^AI	Critical^AI	2025-04-30
CVE-2025-4012	playeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgery — PlayEdu 开源培训系统	2.7	Low	2025-04-28
CVE-2023-35817	DevExpress 安全漏洞 — DevExpress	5.0	Medium	2025-04-28
CVE-2025-3954	ChurchCRM Referer server-side request forgery — ChurchCRM	3.7	Low	2025-04-26
CVE-2025-3775	ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin	6.5	Medium	2025-04-25
CVE-2025-46531	WordPress WP AVCL Automation Helper (formerly WPFlyLeads) plugin <= 3.4 - Server Side Request Forgery (SSRF) Vulnerability — WP AVCL Automation Helper (formerly WPFlyLeads)	4.9	Medium	2025-04-24
CVE-2025-46511	WordPress BeerXML Shortcode plugin <= 0.7.1 - Server Side Request Forgery (SSRF) Vulnerability — BeerXML Shortcode	6.4	Medium	2025-04-24
CVE-2025-46503	WordPress Simple Google Photos Grid plugin <= 1.5 - Server Side Request Forgery (SSRF) Vulnerability — Simple Google Photos Grid	4.9	Medium	2025-04-24
CVE-2025-46443	WordPress Animate plugin <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability — Animate	4.9	Medium	2025-04-24

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1487 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1487