CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1496

1496 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-1857 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | 4.3 | Medium | 2026-02-18 |
| CVE-2025-36243 | Multiple Vulnerabilities in IBM Concert Software. — Concert | 5.4 | Medium | 2026-02-17 |
| CVE-2026-2558 | GeekAI net_handler.go Download server-side request forgery — GeekAI | 6.3 | Medium | 2026-02-16 |
| CVE-2026-2556 | cskefu Endpoint MediaController.java server-side request forgery — cskefu | 6.3 | Medium | 2026-02-16 |
| CVE-2026-2532 | lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery — DeepAudit | 6.3 | Medium | 2026-02-16 |
| CVE-2026-2531 | MindsDB File Upload security.py clear_filename server-side request forgery — MindsDB | 6.3 | Medium | 2026-02-16 |
| CVE-2026-1249 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery — MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | 5.0 | Medium | 2026-02-14 |
| CVE-2026-0745 | User Language Switch <= 1.6.10 - Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter — User Language Switch | 5.5 | Medium | 2026-02-14 |
| CVE-2026-25991 | Tandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe Import — recipes | 7.7 | High | 2026-02-13 |
| CVE-2026-26005 | ClipBucket v5 enables internal network scans via an SSRF vulnerability — clipbucket-v5 | 5.0 | Medium | 2026-02-12 |
| CVE-2026-1356 | Converter for Media – Optimize images \| Convert WebP & AVIF <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src — Converter for Media – Optimize images \| Convert WebP & AVIF | 4.8 | Medium | 2026-02-12 |
| CVE-2026-26019 | @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation — langchainjs | 4.1 | Medium | 2026-02-11 |
| CVE-2025-12073 | Server-Side Request Forgery (SSRF) in GitLab — GitLab | 4.3 | Medium | 2026-02-11 |
| CVE-2025-12575 | Server-Side Request Forgery (SSRF) in GitLab — GitLab | 5.4 | Medium | 2026-02-11 |
| CVE-2026-25870 | DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF — DoraCMS | 5.8 | Medium | 2026-02-10 |
| CVE-2026-26013 | LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages — langchain | 3.7 | Low | 2026-02-10 |
| CVE-2026-21512 | Azure DevOps Server Cross-Site Scripting Vulnerability — Azure DevOps Server 2022 | 6.5 | Medium | 2026-02-10 |
| CVE-2025-11242 | SSRF in Teknolist Computer's Okulistik — Okulistik | 9.8 | Critical | 2026-02-10 |
| CVE-2026-25765 | Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url — faraday | 5.8 | Medium | 2026-02-09 |
| CVE-2026-25528 | LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection — langsmith-sdk | 5.8 | Medium | 2026-02-09 |
| CVE-2026-25494 | Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation — cms | 7.5 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25493 | Craft has a SSRF in GraphQL Asset Mutation via HTTP Redirect — cms | 9.1 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2026-25492 | Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host — cms | 6.5 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-0632 | Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' — Fluent Forms Pro Add On Pack | 5.4 | Medium | 2026-02-09 |
| CVE-2026-25904 | Overly permissive Deno configuration in mcp-run-python leads to SSRF | 5.8 | Medium | 2026-02-09 |
| CVE-2026-25123 | Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping — homarr | 5.3 | Medium | 2026-02-06 |
| CVE-2026-25580 | Pydantic AI Affected by Server-Side Request Forgery (SSRF) in URL Download Handling — pydantic-ai | 8.6 | High | 2026-02-06 |
| CVE-2025-68157 | webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects — webpack | 3.7 | Low | 2026-02-05 |
| CVE-2025-68458 | webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior — webpack | 3.7 | Low | 2026-02-05 |
| CVE-2026-1294 | All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint — All In One Image Viewer Block – Gutenberg block to create image viewer with hyperlink | 7.2 | High | 2026-02-05 |

1496 CVEs are classified as CWE-918 (Server-Side Request Forgery (SSRF)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.