CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1489

1489 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-31829 | Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access — Flowise | 7.1 | High | 2026-03-10 |
| CVE-2026-30953 | LinkAce affected by SSRF via link creation: NoPrivateIpRule not applied to LinkStoreRequest — LinkAce | 7.7 | High | 2026-03-10 |
| CVE-2026-27826 | MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers — mcp-atlassian | 8.2 | High | 2026-03-10 |
| CVE-2026-26118 | Azure MCP Server Tools Elevation of Privilege Vulnerability — Azure MCP Server Tools 1.0.0 (npm) | 8.8 | High | 2026-03-10 |
| CVE-2026-26121 | Azure IOT Explorer Spoofing Vulnerability — Azure IoT Explorer | 7.5 | High | 2026-03-10 |
| CVE-2026-24316 | Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP — SAP NetWeaver Application Server for ABAP | 6.4 | Medium | 2026-03-10 |
| CVE-2026-25960 | SSRF Protection Bypass in vLLM — vllm | 7.1 | High | 2026-03-09 |
| CVE-2026-3588 | Server-Side Request Forgery (SSRF) in ikea dirigera — dirigera | 7.5 | High | 2026-03-09 |
| CVE-2026-3789 | Bytedesk SpringAIGiteeRestController SpringAIGiteeRestService.java getModels server-side request forgery — Bytedesk | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3788 | Bytedesk SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels server-side request forgery — Bytedesk | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3750 | ContiNew Admin Storage Management S3ClientFactory.java URI.create server-side request forgery — ContiNew Admin | 4.7 | Medium | 2026-03-08 |
| CVE-2026-3733 | xuxueli xxl-job JobInfoController.java server-side request forgery — xxl-job | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3683 | bufanyun HotGo Endpoint upload.go ImageTransferStorage server-side request forgery — HotGo | 6.3 | Medium | 2026-03-07 |
| CVE-2026-3681 | welovemedia FFmate webhook.go fireWebhook server-side request forgery — FFmate | 6.3 | Medium | 2026-03-07 |
| CVE-2026-30858 | WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources — WeKnora | 6.5 | Medium | 2026-03-07 |
| CVE-2026-30832 | Soft Serve: SSRF via unvalidated LFS endpoint in repo import — soft-serve | 9.1 | Critical | 2026-03-07 |
| CVE-2026-30834 | PinchTab: SSRF with Full Response Exfiltration via Download Handler — pinchtab | 7.5 | High | 2026-03-07 |
| CVE-2026-27797 | Homarr: Unauthenticated SSRF in rssFeed.ts — homarr | 5.3 | Medium | 2026-03-07 |
| CVE-2026-30840 | Wallos: Server-Side Request Forgery (SSRF) in Notification Testers — Wallos | 9.8 | - | 2026-03-07 |
| CVE-2026-30839 | Wallos: SSRF via webhook test endpoint — Wallos | 6.5 | - | 2026-03-07 |
| CVE-2026-30247 | WeKnora: SSRF via Redirection — WeKnora | 5.9 | Medium | 2026-03-07 |
| CVE-2026-30242 | Plane: SSRF via Incomplete IP Validation in Webhook URL Serializer — plane | 8.5 | High | 2026-03-06 |
| CVE-2026-30844 | Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading — Wekan | 9.1 | - | 2026-03-06 |
| CVE-2026-29178 | Lemmy: Unauthenticated SSRF via file_type query parameter injection in image endpoint — lemmy | 7.5 | - | 2026-03-06 |
| CVE-2026-28680 | Ghostfolio: Full-Read SSRF in Manual Asset Import — ghostfolio | 9.3 | Critical | 2026-03-06 |
| CVE-2026-28677 | OpenSift: Insufficient URL destination restrictions in ingest flow could enable SSRF-style internal access — OpenSift | 8.2 | High | 2026-03-06 |
| CVE-2026-28508 | Idno: Unauthenticated SSRF via URL Unfurl Endpoint — idno | 6.5 | - | 2026-03-06 |
| CVE-2026-28476 | OpenClaw < 2026.2.14 - Server-Side Request Forgery in Tlon Extension Authentication — OpenClaw | 8.3 | High | 2026-03-05 |
| CVE-2026-28467 | OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration — OpenClaw | 6.5 | Medium | 2026-03-05 |
| CVE-2026-27023 | Twenty: SSRF protection bypass via HTTP redirect following in secure HTTP client — twenty | 5.0 | Medium | 2026-03-05 |

1489 CVEs are classified as CWE-918 (Server-Side Request Forgery (SSRF)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.