CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1495

1495 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-22219 | Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element — Chainlit | 8.1 (AI) | High (AI) | 2026-01-19 |
| CVE-2026-23845 | Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API — mailpit | 5.8 | Medium | 2026-01-19 |
| CVE-2026-1062 | xiweicheng TMS HtmlUtil.java summary server-side request forgery — TMS | 6.3 | Medium | 2026-01-17 |
| CVE-2026-0682 | Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter — Church Admin | 2.2 | Low | 2026-01-17 |
| CVE-2025-15104 | Nu Html Checker (validator.nu) - Restriction bypass vulnerability allowing local SSRF — The Nu Html Checker | 7.5 | - | 2026-01-16 |
| CVE-2025-14793 | DK PDF – WordPress PDF Generator <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery — DK PDF – WordPress PDF Generator | 5.0 | Medium | 2026-01-16 |
| CVE-2026-23768 | Lucy-XSS security vulnerability — lucy-xss-filter | - | - | 2026-01-16 |
| CVE-2021-47776 | Umbraco v8.14.1 - 'baseUrl' SSRF — Umbraco | 5.3 | Medium | 2026-01-15 |
| CVE-2026-0600 | Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration — Nexus Repository | 4.9 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2026-0532 | External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector — Kibana | 8.6 | High | 2026-01-14 |
| CVE-2025-14613 | GetContentFromURL <= 1.0 - Authenticated (Contributor+) Server-Side Request Forgery via 'url' Shortcode Attribute — GetContentFromURL | 7.2 | High | 2026-01-14 |
| CVE-2026-20958 | Microsoft SharePoint Information Disclosure Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 5.4 | Medium | 2026-01-13 |
| CVE-2025-67685 | Fortinet FortiSandbox code issue vulnerability — FortiSandbox | 3.4 | Low | 2026-01-13 |
| CVE-2026-22805 | Metabase channel test endpoint can reach internal local addresses — metabase | 8.2 (AI) | High (AI) | 2026-01-12 |
| CVE-2026-22772 | Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass — fulcio | 5.8 | Medium | 2026-01-12 |
| CVE-2025-13393 | Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' — Featured Image from URL (FIFU) | 4.3 | Medium | 2026-01-10 |
| CVE-2026-22597 | Ghost has SSRF via External Media Inliner — Ghost | 6.5 | - | 2026-01-10 |
| CVE-2026-22245 | Mastodon has SSRF Protection bypass — mastodon | 9.4 | - | 2026-01-08 |
| CVE-2026-21885 | Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources — v2 | 6.5 | Medium | 2026-01-08 |
| CVE-2025-22726 | WordPress nK Themes Helper plugin <= 1.7.9 - Server Side Request Forgery (SSRF) vulnerability — nK Themes Helper | 6.4 | Medium | 2026-01-08 |
| CVE-2026-21859 | Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF) — mailpit | 5.8 | Medium | 2026-01-07 |
| CVE-2019-25290 | INIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImage — Smartliving SmartLAN/G/SI | 5.3 | Medium | 2026-01-07 |
| CVE-2025-69222 | LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions — LibreChat | 9.1 | Critical | 2026-01-07 |
| CVE-2025-58441 | Knowage is vulnerable to blind server-side request forgery (SSRF) — Knowage-Server | 5.3 | - | 2026-01-07 |
| CVE-2025-49335 | WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability — External Media | 4.9 | Medium | 2026-01-07 |
| CVE-2026-0649 | invoiceninja Migration Import Import.php copy server-side request forgery — invoiceninja | 4.7 | Medium | 2026-01-07 |
| CVE-2025-14438 | Xagio SEO <= 7.1.0.30 - Authenticated (Subscriber+) Server-Side Request Forgery — Xagio SEO – AI Powered SEO | 6.4 | Medium | 2026-01-06 |
| CVE-2025-68437 | Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation — cms | 9.1 | - | 2026-01-05 |
| CVE-2026-21433 | Emlog vulnerable to Server-Side Request Forgery (SSRF) — emlog | 7.7 | High | 2026-01-02 |
| CVE-2025-15414 | go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery — sonic | 4.7 | Medium | 2026-01-01 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1495 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.