
CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1481

1481 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-5538 | QingdaoU OnlineJudge judge_server_heartbeat Endpoint JudgeServer.service_url server-side request forgery — OnlineJudge | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5530 | Ollama Model Pull API download.go server-side request forgery — Ollama | 6.3 | Medium | 2026-04-05 |
| CVE-2026-34954 | PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL — PraisonAI | 8.6 | High | 2026-04-03 |
| CVE-2026-34936 | PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback — PraisonAI | 7.7 | High | 2026-04-03 |
| CVE-2026-22664 | prompts.chat SSRF via Fal.ai Media Status Polling — prompts.chat | 7.7 | High | 2026-04-03 |
| CVE-2026-22662 | prompts.chat Blind SSRF via media-generate — prompts.chat | 4.3 | Medium | 2026-04-03 |
| CVE-2026-28798 | Arbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOS — ZimaOS | 9.1 | Critical | 2026-04-03 |
| CVE-2026-32186 | Microsoft Bing Elevation of Privilege Vulnerability — Microsoft Bing | 10.0 | Critical | 2026-04-03 |
| CVE-2026-31818 | Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist — budibase | 9.6 | Critical | 2026-04-03 |
| CVE-2026-5470 | mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery — Google-Research-MCP | 6.3 | Medium | 2026-04-03 |
| CVE-2026-5469 | Casdoor Webhook URL server-side request forgery — Casdoor | 4.7 | Medium | 2026-04-03 |
| CVE-2026-26135 | Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability — Azure Custom Locations Resource Provider | 9.6 | Critical | 2026-04-02 |
| CVE-2026-33107 | Azure Databricks Elevation of Privilege Vulnerability — Azure Databricks | 10.0 | Critical | 2026-04-02 |
| CVE-2026-5418 | appsmithorg appsmith Dashboard WebClientUtils.java computeDisallowedHosts server-side request forgery — appsmith | 7.3 | High | 2026-04-02 |
| CVE-2026-5417 | Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery — SQLbot | 4.7 | Medium | 2026-04-02 |
| CVE-2026-34590 | Postiz: SSRF via Webhook Creation Endpoint Missing URL Safety Validation — postiz-app | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34577 | Postiz: Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension Check — postiz-app | 8.6 | High | 2026-04-02 |
| CVE-2026-34576 | Postiz: SSRF in upload-from-url endpoint allows fetching internal resources and cloud metadata — postiz-app | 6.5 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34526 | SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6 — SillyTavern | 5.0 | Medium | 2026-04-02 |
| CVE-2026-5346 | huimeicloud hm_editor image-to-base64 Endpoint mcp-server.js client.get server-side request forgery — hm_editor | 7.3 | High | 2026-04-02 |
| CVE-2026-32871 | FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability — fastmcp | 9.1 (AI) | Critical (AI) | 2026-04-02 |
| CVE-2026-0686 | Webmention <= 5.6.2 - Unauthenticated Blind Server-Side Request Forgery — Webmention | 7.2 | High | 2026-04-02 |
| CVE-2026-0688 | Webmention <= 5.6.2 - Authenticated (Subscriber+) Server-Side Request Forgery — Webmention | 6.4 | Medium | 2026-04-02 |
| CVE-2026-5323 | priyankark a11y-mcp index.js A11yServer server-side request forgery — a11y-mcp | 5.3 | Medium | 2026-04-02 |
| CVE-2026-34746 | Payload has Authenticated SSRF via Upload Functionality — payload | 7.7 | High | 2026-04-01 |
| CVE-2026-34076 | Clerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host — javascript | 7.4 | High | 2026-04-01 |
| CVE-2026-20041 | Cisco Nexus Dashboard Server Side Request Forgery Vulnerability — Cisco Nexus Dashboard | 6.1 | Medium | 2026-04-01 |
| CVE-2026-33990 | Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF) — model-runner | 8.2 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-4989 | Devolutions Server security vulnerability — Server | 6.5 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-0932 | M-Files Server security vulnerability — M-Files Server | 8.2 (AI) | High (AI) | 2026-04-01 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1481 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.