CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1487

1487 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-5186	Server Side Request Forgery (SSRF) in imartinez/privategpt — imartinez/privategpt	7.5^AI	High^AI	2024-06-06
CVE-2024-5482	SSRF in add_webpage endpoint in parisneo/lollms-webui — parisneo/lollms-webui	9.8^AI	Critical^AI	2024-06-06
CVE-2024-4325	Server-Side Request Forgery (SSRF) in gradio-app/gradio — gradio-app/gradio	7.5^AI	High^AI	2024-06-06
CVE-2024-3152	Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm — mintplex-labs/anything-llm	9.8^AI	Critical^AI	2024-06-06
CVE-2024-20404	Cisco Finesse 代码问题漏洞 — Cisco Unified Contact Center Enterprise	7.2	High	2024-06-05
CVE-2024-5526	Grafana OnCall 安全漏洞 — OnCall	7.7	High	2024-06-05
CVE-2024-4084	SSRF vulnerability in mintplex-labs/anything-llm — mintplex-labs/anything-llm	9.1	-	2024-06-05
CVE-2024-4219	SSRF In BeyondInsight — BeyondInsight	4.8	Medium	2024-06-04
CVE-2024-35633	WordPress Blocksy Companion plugin <= 2.0.42 - Server Side Request Forgery (SSRF) vulnerability — Blocksy Companion	4.4	Medium	2024-06-03
CVE-2024-35635	WordPress Ninja Tables plugin <= 5.0.9 - Server Side Request Forgery (SSRF) vulnerability — Ninja Tables	4.4	Medium	2024-06-03
CVE-2024-35637	WordPress Church Admin plugin <= 4.3.6 - Server Side Request Forgery (SSRF) vulnerability — Church Admin	4.4	Medium	2024-06-03
CVE-2023-7073	Auto Featured Image (Auto Post Thumbnail) <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery — Auto Featured Image (Auto Post Thumbnail)	6.4	Medium	2024-05-31
CVE-2024-1855	WPCafe <= 2.2.23 - Unauthenticated Blind Server-Side Request Forgery — WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System	5.3	Medium	2024-05-23
CVE-2024-5031	MemberPress <= 1.11.29 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file Shortcode — Memberpress	8.5	High	2024-05-22
CVE-2024-4789	Cost Calculator Builder Pro <= 3.1.72 - Authenticated (Subscriber+) Server-Side Request Forgery — Cost Calculator Builder PRO	6.4	Medium	2024-05-17
CVE-2024-3485	Server-Side Request Forgery vulnerability in iManager — iManager	5.3	Medium	2024-05-15
CVE-2024-3970	Server-Side Request Forgery vulnerability in iManager — iManager	5.3	Medium	2024-05-15
CVE-2024-4894	ITPison OMICARD EDM - Server-Side Request Forgery — OMICARD EDM	5.3	Medium	2024-05-15
CVE-2024-4562	WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via HttpMonitorSettings — WhatsUp Gold	5.4	Medium	2024-05-14
CVE-2024-4561	WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via FaviconController — WhatsUp Gold	4.2	Medium	2024-05-14
CVE-2024-0862	Proofpoint Enterprise Protection 代码问题漏洞 — Enterprise Protection	5.0	Medium	2024-05-14
CVE-2024-35172	WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Server Side Request Forgery (SSRF) vulnerability — ShortPixel Adaptive Images	4.4	Medium	2024-05-13
CVE-2024-32964	lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability — lobe-chat	9.0	Critical	2024-05-10
CVE-2024-1467	Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery — Starter Templates – AI-Powered Templates for Elementor & Gutenberg	4.3	Medium	2024-05-09
CVE-2024-34351	Next.js Server-Side Request Forgery in Server Actions — next.js	7.5	High	2024-05-09
CVE-2024-3047	PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - Unauthenticated Server-Side Request Forgery — PDF Invoices & Packing Slips for WooCommerce	7.2	High	2024-05-02
CVE-2024-23336	Incomplete disallowed remote addresses list in MyBB — mybb	5.0	Medium	2024-05-01
CVE-2024-2663	ZD YouTube FLV Player <= 1.2.6 - Server-Side Request Forgery — ZD YouTube FLV Player	8.3	High	2024-04-30
CVE-2024-0216	Google Doc Embedder <= 2.6.4 - Authenticated (Contributor+) Blind Server Side Request Forgery — Google Doc Embedder	6.4	Medium	2024-04-30
CVE-2024-33590	WordPress basepress plugin <= 2.16.1 - Server Side Request Forgery (SSRF) vulnerability — Knowledge Base documentation & wiki plugin – BasePress	5.0	Medium	2024-04-29

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1487 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1487