CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1481

1481 vulnerabilities are classified as CWE-918 (Server-Side Request Forgery (SSRF)). An AI-generated analysis in Chinese is included.

CVE ID | Title | Product | CVSS | Severity | Published
------ | ----- | ------- | ---- | -------- | ---------
CVE-2026-5259 | AutohomeCorp frostmourne Alarm Preview AlarmController.java server-side request forgery | frostmourne | 6.3 | Medium | 2026-04-01
CVE-2026-34443 | FreeScout: SSRF protection bypass via broken CIDR check in checkIpByMask() | freescout | 7.5 | - | 2026-03-31
CVE-2026-34740 | AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation | AVideo | 6.5 | Medium | 2026-03-31
CVE-2026-34367 | InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field | InvoiceShelf | 7.6 | High | 2026-03-31
CVE-2026-34366 | InvoiceShelf: SSRF in Payment Receipt PDF Rendering via Unsanitised HTML in Notes Field | InvoiceShelf | 7.6 | High | 2026-03-31
CVE-2026-34365 | InvoiceShelf: SSRF in Estimate PDF Rendering via Unsanitised HTML in Notes Field | InvoiceShelf | 7.6 | High | 2026-03-31
CVE-2026-33185 | Discourse: Group SMTP test endpoint susceptible to SSRF | discourse | 4.3 | - | 2026-03-31
CVE-2026-34360 | HAPI FHIR: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing | org.hl7.fhir.core | 5.8 | Medium | 2026-03-31
CVE-2026-5205 | chatwoot Webhook API trigger.rb Trigger server-side request forgery | chatwoot | 6.3 | Medium | 2026-03-31
CVE-2026-34504 | OpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal Provider | OpenClaw | 8.3 | High | 2026-03-31
CVE-2026-34163 | Server-Side Request Forgery via MCP Tools Endpoint in FastGPT | FastGPT | 7.7 | High | 2026-03-31
CVE-2026-34881 | OpenStack Glance security vulnerability | Glance | 5.0 | Medium | 2026-03-31
CVE-2026-31804 | Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server | Tautulli | 4.0 | Medium | 2026-03-30
CVE-2026-5126 | SourceCodester RSS Feed Parser file_get_contents server-side request forgery | RSS Feed Parser | 6.3 | Medium | 2026-03-30
CVE-2026-0560 | Server-Side Request Forgery (SSRF) in parisneo/lollms | parisneo/lollms | 9.8 | - | 2026-03-29
CVE-2026-5016 | elecV2 elecV2P URL mock eAxios server-side request forgery | elecV2P | 7.3 | High | 2026-03-28
CVE-2025-12886 | Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path | Oxygen - WooCommerce WordPress Theme | 7.2 | High | 2026-03-28
CVE-2026-33992 | pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration | pyload | 7.7 | - | 2026-03-27
CVE-2026-33953 | LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce | LinkAce | 8.5 | High | 2026-03-27
CVE-2026-31945 | LibreChat Server-Side Request Forgery using DNS resolution | LibreChat | 7.7 | High | 2026-03-27
CVE-2026-31943 | LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP | LibreChat | 8.5 | High | 2026-03-27
CVE-2026-4964 | letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery | letta | 6.3 | Medium | 2026-03-27
CVE-2026-33766 | AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints | AVideo | 8.2 | - | 2026-03-27
CVE-2026-4953 | mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery | MCMS | 7.3 | High | 2026-03-27
CVE-2026-33205 | calibre has Server-Side Request Forgery in ebook viewer backend | calibre | 8.6 | - | 2026-03-27
CVE-2026-4907 | Page-Replica Page Replica Endpoint sitemap sitemap.fetch server-side request forgery | Page Replica | 6.3 | Medium | 2026-03-27
CVE-2026-33693 | Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid() | lemmy | 6.5 | Medium | 2026-03-27
CVE-2026-33682 | Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure) | streamlit | 4.7 | Medium | 2026-03-26
CVE-2026-33619 | PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl | pinchtab | 4.1 | Medium | 2026-03-26
CVE-2026-33644 | Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs | Lychee | 7.5 | - | 2026-03-26

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) account for 1481 CVEs. The CWE taxonomy describes the weakness class; review the individual CVEs for product-specific impact.