CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1481

1481 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6215 | DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery — DbGate | 6.3 | Medium | 2026-04-13 |
| CVE-2026-33534 | EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation — espocrm | 4.3 | Medium | 2026-04-13 |
| CVE-2026-34476 | Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server — Apache SkyWalking MCP | 9.1 | - | 2026-04-13 |
| CVE-2026-5936 | Server-Side Request Forgery (SSRF) via URL Parameter in Foxit PDF Services API — Foxit PDF Services API | 8.5 | High | 2026-04-13 |
| CVE-2026-6119 | AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery — AstrBot | 6.3 | Medium | 2026-04-12 |
| CVE-2026-6111 | FoundationAgents MetaGPT common.py decode_image server-side request forgery — MetaGPT | 6.3 | Medium | 2026-04-12 |
| CVE-2026-4979 | UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter — UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | 5.0 | Medium | 2026-04-11 |
| CVE-2026-40242 | Arcane Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint — arcane | 7.2 | High | 2026-04-10 |
| CVE-2026-39922 | GeoNode SSRF via Service Registration — GeoNode | 8.1 | - | 2026-04-10 |
| CVE-2026-39921 | GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload — GeoNode | 7.1 | - | 2026-04-10 |
| CVE-2026-40168 | Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream — postiz-app | 8.2 | High | 2026-04-10 |
| CVE-2026-30232 | Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs — chartbrew | 8.1 | - | 2026-04-10 |
| CVE-2026-31941 | Server-Side Request Forgery (SSRF) in Chamilo LMS — chamilo-lms | 7.7 | High | 2026-04-10 |
| CVE-2026-40160 | PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback — PraisonAIAgents | 7.4 (AI) | High (AI) | 2026-04-10 |
| CVE-2026-40100 | FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default — FastGPT | 5.3 | Medium | 2026-04-10 |
| CVE-2026-6011 | OpenClaw assertPublicHostname web-fetch.ts server-side request forgery — OpenClaw | 5.6 | Medium | 2026-04-10 |
| CVE-2026-35629 | OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions — OpenClaw | 7.4 | High | 2026-04-09 |
| CVE-2026-40150 | PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool — PraisonAIAgents | 7.7 | High | 2026-04-09 |
| CVE-2026-40114 | PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API — PraisonAI | 7.2 | High | 2026-04-09 |
| CVE-2026-40107 | SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering — siyuan | 6.1 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2026-40089 | Sonicverse has Server-Side Request Forgery via user-controlled URLs in dashboard API client — audiostreaming-stack | 9.9 | Critical | 2026-04-09 |
| CVE-2026-40072 | web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling — web3.py | 9.1 (AI) | Critical (AI) | 2026-04-09 |
| CVE-2026-39974 | n8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP mode — n8n-mcp | 8.5 | High | 2026-04-09 |
| CVE-2026-39843 | Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching — plane | 7.7 | High | 2026-04-09 |
| CVE-2026-5832 | atototo api-lab-mcp HTTP http-server.ts test_http_endpoint server-side request forgery — api-lab-mcp | 7.3 | High | 2026-04-09 |
| CVE-2026-39885 | FrontMCP Affected by SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications — frontmcp | 7.5 | High | 2026-04-08 |
| CVE-2026-5803 | bigsk1 openai-realtime-ui API Proxy Endpoint server.js server-side request forgery — openai-realtime-ui | 6.3 | Medium | 2026-04-08 |
| CVE-2026-39362 | InvenTree has SSRF via Remote Image Download — No IP/Hostname Validation on remote_image URLs — InvenTree | 7.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34719 | Zammad has a Server-side request forgery (SSRF) via webhooks — zammad | 6.5 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-32591 | Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration — mirror registry for Red Hat OpenShift | 5.2 | Medium | 2026-04-08 |

1481 CVEs are classified as CWE-918 (Server-Side Request Forgery (SSRF)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.