CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1489

1489 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28036 | WordPress Ratatouille theme <= 1.2.6 - Server Side Request Forgery (SSRF) vulnerability — Ratatouille | 6.4 | Medium | 2026-03-05 |
| CVE-2026-3125 | SSRF vulnerability in opennextjs-cloudflare via /cdn-cgi/ path normalization bypass — @opennextjs/cloudflare | 9.1 AI | Critical AI | 2026-03-04 |
| CVE-2026-1273 | PostX <= 5.0.8 - Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | 7.2 | High | 2026-03-04 |
| CVE-2026-27600 | HomeBox affected by Blind SSRF — homebox | 5.0 | Medium | 2026-03-03 |
| CVE-2025-64427 | ZimaOS is vulnerable to Server-Side Request Forgery (SSRF) — ZimaOS | 7.1 | High | 2026-03-02 |
| CVE-2025-50199 | Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF) — chamilo-lms | 9.1 AI | Critical AI | 2026-03-02 |
| CVE-2024-50337 | Chamilo: Potential unauthenticated blind SSRF via openid function — chamilo-lms | 5.3 | Medium | 2026-03-02 |
| CVE-2026-27759 | Featured Image from Content < 1.7 Authenticated SSRF via save_post — Featured Image from Content | 8.1 | - | 2026-02-27 |
| CVE-2026-28423 | Statamic Vulnerable to Server-Side Request Forgery via Glide — cms | 6.8 | Medium | 2026-02-27 |
| CVE-2026-28416 | Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing — gradio | 8.2 | High | 2026-02-27 |
| CVE-2026-3286 | itwanger paicoding Image Save Endpoint ImageRestController.java save server-side request forgery — paicoding | 6.3 | Medium | 2026-02-27 |
| CVE-2026-3270 | psi-probe PSI Probe Whois Whois.java lookup server-side request forgery — PSI Probe | 6.3 | Medium | 2026-02-26 |
| CVE-2026-28295 | Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses — Red Hat Enterprise Linux 10 | 4.3 | Medium | 2026-02-26 |
| CVE-2026-27829 | Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize — astro | 6.5 | Medium | 2026-02-26 |
| CVE-2026-27945 | ZITADEL has potential SSRF via Actions — zitadel | 6.5 AI | Medium AI | 2026-02-26 |
| CVE-2026-27808 | Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API — mailpit | 5.8 | Medium | 2026-02-25 |
| CVE-2026-24005 | OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field — kruise | - | - | 2026-02-25 |
| CVE-2026-27795 | LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader — langchainjs | 4.1 | Medium | 2026-02-25 |
| CVE-2026-27739 | Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline — angular-cli | 9.8 AI | Critical AI | 2026-02-25 |
| CVE-2026-3189 | feiyuchuixue sz-boot-parent download server-side request forgery — sz-boot-parent | 3.1 | Low | 2026-02-25 |
| CVE-2026-27706 | Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature — plane | 7.7 | High | 2026-02-25 |
| CVE-2026-27730 | esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route — esm.sh | 5.3 AI | Medium AI | 2026-02-25 |
| CVE-2025-50180 | esm.sh is vulnerable to full-response SSRF — esm.sh | 7.5 AI | High AI | 2026-02-25 |
| CVE-2026-2479 | Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload — Responsive Lightbox & Gallery | 5.0 | Medium | 2026-02-25 |
| CVE-2026-3163 | SourceCodester Website Link Extractor URL file_get_contents server-side request forgery — Website Link Extractor | 6.3 | Medium | 2026-02-25 |
| CVE-2026-27696 | changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs — changedetection.io | 8.6 | High | 2026-02-25 |
| CVE-2026-27477 | Mastodon has SSRF via unvalidated FASP Provider base_url — mastodon | 6.5 | - | 2026-02-24 |
| CVE-2026-27732 | AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php — AVideo | 8.1 | - | 2026-02-24 |
| CVE-2026-27567 | Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads — payload | 6.5 | Medium | 2026-02-24 |
| CVE-2026-27129 | Cloud Metadata SSRF Protection Bypass via IPv6 Resolution — cms | 7.1 AI | High AI | 2026-02-24 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1489 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.