CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1496

1496 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62616 | AutoGPT has SSRF vulnerability in SendDiscordFileBlock — AutoGPT | 8.1 (AI) | High (AI) | 2026-02-04 |
| CVE-2025-62615 | AutoGPT has SSRF vulnerability in ReadRSSFeedBlock — AutoGPT | 9.1 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2026-1884 | ZenTao Webhook model.php fetchHook server-side request forgery — ZenTao | 4.7 | Medium | 2026-02-04 |
| CVE-2026-25511 | Group-Office is vulnerable to SSRF and File Read in WOPI service discovery — groupoffice | 6.8 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2026-22247 | GLPI is Vulnerable to SSRF via Webhooks — glpi | 4.1 | Medium | 2026-02-04 |
| CVE-2026-24961 | WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability — Grand Blog | 5.4 | Medium | 2026-02-03 |
| CVE-2025-13096 | XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow - — Business Automation Workflow containers | 7.1 | High | 2026-02-02 |
| CVE-2026-1518 | Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak — Red Hat Build of Keycloak | 2.7 | Low | 2026-02-02 |
| CVE-2026-24902 | TrustTunnel has SSRF and private network restriction bypass via numeric address destinations — TrustTunnel | 7.1 | High | 2026-01-29 |
| CVE-2026-24767 | NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality — nocodb | 4.9 | Medium | 2026-01-28 |
| CVE-2025-68662 | FinalDestination hostname matching allows SSRF protection bypass — discourse | 7.6 | High | 2026-01-28 |
| CVE-2020-36944 | ILIAS Learning Management System 4.3 - SSRF — ILIAS Learning Management System | 4.0 | Medium | 2026-01-28 |
| CVE-2025-14610 | TableMaster for Elementor <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter — TableMaster for Elementor – Advanced Responsive Tables for Elementor | 7.2 | High | 2026-01-28 |
| CVE-2026-24779 | vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector` — vllm | 7.1 | High | 2026-01-27 |
| CVE-2026-24736 | Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration — squidex | 9.1 | Critical | 2026-01-27 |
| CVE-2026-0746 | AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery — AI Engine – The Chatbot, AI Framework & MCP for WordPress | 6.4 | Medium | 2026-01-27 |
| CVE-2025-9522 | Blind Server-Side Request Forgery (SSRF) in Omada Controller — Omada Controller | 7.5 (AI) | High (AI) | 2026-01-26 |
| CVE-2026-0807 | Frontis Blocks <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter — Frontis Blocks — Block Library for the Block Editor | 7.2 | High | 2026-01-24 |
| CVE-2026-24548 | WordPress Radio Player plugin <= 2.0.91 - Server Side Request Forgery (SSRF) vulnerability — Radio Player | 5.4 | Medium | 2026-01-23 |
| CVE-2026-24138 | FOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php` — fogproject | 7.5 | High | 2026-01-23 |
| CVE-2026-24117 | Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL — rekor | 5.3 | Medium | 2026-01-22 |
| CVE-2026-24381 | WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability — PhotoMe | 5.4 | Medium | 2026-01-22 |
| CVE-2026-24360 | WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Server Side Request Forgery (SSRF) vulnerability — Seriously Simple Podcasting | 4.4 | Medium | 2026-01-22 |
| CVE-2026-22482 | WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability — IMGspider | 4.9 | Medium | 2026-01-22 |
| CVE-2026-22358 | WordPress Electrician - Electrical Service WordPress theme <= 5.6 - Server Side Request Forgery (SSRF) vulnerability — Electrician - Electrical Service WordPress | 5.4 | Medium | 2026-01-22 |
| CVE-2025-68030 | WordPress Frontis Blocks plugin <= 1.1.5 - Server Side Request Forgery (SSRF) vulnerability — Frontis Blocks | 7.2 | High | 2026-01-22 |
| CVE-2025-67961 | WordPress WPO365 plugin <= 40.0 - Server Side Request Forgery (SSRF) vulnerability — WPO365 | 6.4 | Medium | 2026-01-22 |
| CVE-2025-64252 | WordPress ANAC XML Viewer plugin <= 1.8.2 - Server Side Request Forgery (SSRF) vulnerability — ANAC XML Viewer | 4.9 | Medium | 2026-01-22 |
| CVE-2025-62741 | WordPress Pool Services theme <= 3.3 - Server Side Request Forgery (SSRF) vulnerability — Pool Services | 5.4 | Medium | 2026-01-22 |
| CVE-2026-24048 | Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow` — backstage | 3.5 | Low | 2026-01-21 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1496 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.