CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1481

1481 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-4231	vanna-ai vanna Endpoint __init__.py run_sql server-side request forgery — vanna	7.3	High	2026-03-16
CVE-2026-4215	FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery — flow-core-x	6.3	Medium	2026-03-16
CVE-2026-4200	glowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery — glowxq-oj	7.3	High	2026-03-16
CVE-2026-32412	WordPress Gift Up Gift Cards for WordPress and WooCommerce plugin <= 3.1.7 - Server Side Request Forgery (SSRF) vulnerability — Gift Up Gift Cards for WordPress and WooCommerce	9.8	-	2026-03-13
CVE-2026-32357	WordPress Simple Blog Card plugin <= 2.37 - Server Side Request Forgery (SSRF) vulnerability — Simple Blog Card	9.1	-	2026-03-13
CVE-2026-32353	WordPress MailerPress plugin <= 1.4.2 - Server Side Request Forgery (SSRF) vulnerability — MailerPress	9.1	-	2026-03-13
CVE-2026-32349	WordPress Embed PDF Viewer plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability — Embed PDF Viewer	9.1	-	2026-03-13
CVE-2026-32301	Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL — centrifugo	9.3	Critical	2026-03-12
CVE-2026-32236	@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch — plugin-auth-backend	7.5	-	2026-03-12
CVE-2026-21887	OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature — opencti	7.7	High	2026-03-12
CVE-2026-3966	648540858 wvp-GB28181-pro IP Address ABLMediaNodeServerService.java getDownloadFilePath server-side request forgery — wvp-GB28181-pro	6.3	Medium	2026-03-12
CVE-2026-3961	zyddnys manga-image-translator Translate Endpoints request_extraction.py to_pil_image server-side request forgery — manga-image-translator	6.3	Medium	2026-03-11
CVE-2026-32133	2FAuth has Blind SSRF in image parameter allows internal network access and more — 2FAuth	7.1^AI	High^AI	2026-03-11
CVE-2026-3958	Woahai321 ListSync JSON api_server.py requests.post server-side request forgery — ListSync	6.3	Medium	2026-03-11
CVE-2026-32111	ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle — ha-mcp	5.3	Medium	2026-03-11
CVE-2026-32110	SiYuan has a Full-Read SSRF via /api/network/forwardProxy — siyuan	8.3	High	2026-03-11
CVE-2026-32096	Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns — plunk	9.3	Critical	2026-03-11
CVE-2026-31974	Blind SSRF on OpenProject instance via webhooks — openproject	3.0	Low	2026-03-11
CVE-2026-31959	SSRF in Quill via unvalidated URL from Apple notarization log retrieval — quill	5.3	Medium	2026-03-11
CVE-2026-31878	Frappe: Possible SSRF by any authenticated user — frappe	5.0	Medium	2026-03-11
CVE-2026-21293	Adobe Commerce \| Server-Side Request Forgery (SSRF) (CWE-918) — Adobe Commerce	5.5	Medium	2026-03-11
CVE-2026-21294	Adobe Commerce \| Server-Side Request Forgery (SSRF) (CWE-918) — Adobe Commerce	5.5	Medium	2026-03-11
CVE-2026-31829	Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access — Flowise	7.1	High	2026-03-10
CVE-2026-30953	LinkAce affected by SSRF via link creation: NoPrivateIpRule not applied to LinkStoreRequest — LinkAce	7.7	High	2026-03-10
CVE-2026-27826	MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers — mcp-atlassian	8.2	High	2026-03-10
CVE-2026-26118	Azure MCP Server Tools Elevation of Privilege Vulnerability — Azure MCP Server Tools 1.0.0 (npm)	8.8	High	2026-03-10
CVE-2026-26121	Azure IOT Explorer Spoofing Vulnerability — Azure IoT Explorer	7.5	High	2026-03-10
CVE-2026-24316	Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP — SAP NetWeaver Application Server for ABAP	6.4	Medium	2026-03-10
CVE-2026-25960	SSRF Protection Bypass in vLLM — vllm	7.1	High	2026-03-09
CVE-2026-3588	Server-Side Request Forgery (SSRF) in ikea dirigera — dirigera	7.5	High	2026-03-09

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1481 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1481