CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1495

1495 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14627 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | 6.4 | Medium | 2026-01-01 |
| CVE-2025-34469 | Cowrie < 2.9.0 Unrestricted wget/curl Emulation Enables SSRF-Based DDoS Amplification — Cowrie | 7.5 | - | 2025-12-31 |
| CVE-2025-62088 | WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability — WordPress & WooCommerce Scraper Plugin, Import Data from Any Site | 5.4 | Medium | 2025-12-31 |
| CVE-2025-59138 | WordPress Genemy theme <= 1.6.6 - Server Side Request Forgery (SSRF) vulnerability — Genemy | 4.9 | Medium | 2025-12-31 |
| CVE-2025-15373 | EyouCMS function.php saveRemote server-side request forgery — EyouCMS | 6.3 | Medium | 2025-12-31 |
| CVE-2025-15264 | FeehiCMS TimThumb timthumb.php server-side request forgery — FeehiCMS | 7.3 | High | 2025-12-30 |
| CVE-2025-69014 | WordPress Youzify plugin <= 1.3.7 - Server Side Request Forgery (SSRF) vulnerability — Youzify | 4.9 | Medium | 2025-12-30 |
| CVE-2025-68893 | WordPress WordPress Image shrinker plugin <= 1.1.0 - Server Side Request Forgery (SSRF) vulnerability — WordPress Image shrinker | 4.9 | Medium | 2025-12-29 |
| CVE-2025-69206 | Hemmelig has SSRF Filter bypass in Secret Request functionality — Hemmelig.app | 4.3 | Medium | 2025-12-29 |
| CVE-2025-15098 | YunaiV yudao-cloud Business Process Management BpmSyncHttpRequestTrigger server-side request forgery — yudao-cloud | 6.3 | Medium | 2025-12-26 |
| CVE-2019-25251 | Teradek VidiU Pro 3.0.3 Server-Side Request Forgery via RTMP Settings — VidiU Pro | 6.5 | Medium | 2025-12-24 |
| CVE-2025-68600 | WordPress Link Library plugin <= 7.8.7 - Server Side Request Forgery (SSRF) vulnerability — Link Library | 4.9 | Medium | 2025-12-24 |
| CVE-2025-67623 | WordPress 6Storage Rentals plugin <= 2.22.0 - Server Side Request Forgery (SSRF) vulnerability — 6Storage Rentals | 5.4 | Medium | 2025-12-24 |
| CVE-2025-68500 | WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability — Prime Slider – Addons For Elementor | 4.9 | Medium | 2025-12-24 |
| CVE-2025-68696 | httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage — httparty | 9.1 (AI) | Critical (AI) | 2025-12-23 |
| CVE-2025-67743 | Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service — local-deep-research | 6.3 | Medium | 2025-12-23 |
| CVE-2021-47715 | Hasura GraphQL 1.3.3 Server-Side Request Forgery via Remote Schema Injection — Hasura GraphQL | 5.3 | Medium | 2025-12-22 |
| CVE-2025-68477 | Langflow vulnerable to Server-Side Request Forgery — langflow | 7.7 | High | 2025-12-19 |
| CVE-2025-13999 | HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery — HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player | 7.2 | High | 2025-12-19 |
| CVE-2025-64663 | Custom Question Answering Elevation of Privilege Vulnerability — Azure Cognitive Service for Language | 9.9 | Critical | 2025-12-18 |
| CVE-2025-14277 | Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery — Prime Slider – Addons for Elementor | 4.3 | Medium | 2025-12-18 |
| CVE-2025-68150 | Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter — parse-server | 9.1 (AI) | Critical (AI) | 2025-12-16 |
| CVE-2023-53899 | PodcastGenerator 3.2.9 Blind Server-Side Request Forgery via XML Injection — Unknown | 9.8 | Critical | 2025-12-16 |
| CVE-2025-14443 | Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism — Red Hat OpenShift Container Platform 4 | 6.4 | Medium | 2025-12-16 |
| CVE-2025-67989 | WordPress Kerge theme <= 4.1.3 - Server Side Request Forgery (SSRF) vulnerability — Kerge | 5.4 | Medium | 2025-12-16 |
| CVE-2023-53893 | Ateme TITAN File 3.9 Authenticated Server-Side Request Forgery Vulnerability — TITAN | 4.3 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2025-13281 | Portworx Half-Blind SSRF in kube-controller-manager — Kubernetes | 5.8 | Medium | 2025-12-14 |
| CVE-2025-11970 | Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking \| SEO Optimized \| Fully Automated <= 1.0.9 - Authenticated (Admin+) Server-Side Request Forgery — Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking \| SEO Optimized \| Fully Automated | 4.4 | Medium | 2025-12-13 |
| CVE-2025-14518 | PowerJob Network Request PingPongUtils.java checkConnectivity server-side request forgery — PowerJob | 6.3 | Medium | 2025-12-11 |
| CVE-2025-14516 | Yalantis uCrop URL com.yalantis.ucrop.task.BitmapLoadTask.java downloadFile server-side request forgery — uCrop | 6.3 | Medium | 2025-12-11 |

1495 CVEs are classified as CWE-918 (Server-Side Request Forgery (SSRF)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.