
CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1496

1496 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14516 | Yalantis uCrop URL com.yalantis.ucrop.task.BitmapLoadTask.java downloadFile server-side request forgery — uCrop | 6.3 | Medium | 2025-12-11 |
| CVE-2025-11467 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery — RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | 5.8 | Medium | 2025-12-11 |
| CVE-2020-36884 | BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF — BrightSign Digital Signage Diagnostic Web Server | 5.3 (AI) | Medium (AI) | 2025-12-10 |
| CVE-2025-67494 | ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login — zitadel | 9.3 | Critical | 2025-12-09 |
| CVE-2021-47703 | OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php — OpenBMCS | 6.5 (AI) | Medium (AI) | 2025-12-09 |
| CVE-2025-63010 | WordPress Hercules Core plugin <= 7.4 - Server Side Request Forgery (SSRF) vulnerability — Hercules Core | 4.9 | Medium | 2025-12-09 |
| CVE-2025-12832 | IBM InfoSphere Information Server Server-Side Request Forgery — InfoSphere Information Server | 4.6 | Medium | 2025-12-08 |
| CVE-2025-26487 | Server Side Request Forgery (SSRF) in the web server of Infinera MTC-9 — MTC-9 | 8.6 | High | 2025-12-08 |
| CVE-2025-14116 | xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery — Yuxi-Know | 4.7 | Medium | 2025-12-05 |
| CVE-2025-59775 | Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF — Apache HTTP Server | 5.3 | - | 2025-12-05 |
| CVE-2025-65958 | Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web — open-webui | 8.5 | High | 2025-12-04 |
| CVE-2025-14008 | dayrui XunRuiCMS Project Domain Change Test admin79f2ec220c7e.php server-side request forgery — XunRuiCMS | 4.7 | Medium | 2025-12-04 |
| CVE-2025-14004 | dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery — XunRuiCMS | 4.7 | Medium | 2025-12-04 |
| CVE-2025-20388 | Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise — Splunk Enterprise | 2.7 | Low | 2025-12-03 |
| CVE-2025-13872 | Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio — Opinio | 9.1 (AI) | Critical (AI) | 2025-12-02 |
| CVE-2025-66405 | Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host — gateway | 6.5 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-27232 | Frontend arbitrary file read in oauth.authorize action — Zabbix | 4.9 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-13814 | moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery — Mogu Blog v2 | 7.3 | High | 2025-12-01 |
| CVE-2025-13809 | orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery — orion-ops | 6.3 | Medium | 2025-12-01 |
| CVE-2025-13796 | deco-cx apps Parameter analyticsScript.ts AnalyticsScript server-side request forgery — apps | 6.3 | Medium | 2025-11-30 |
| CVE-2025-13789 | ZenTao model.php makeRequest server-side request forgery — ZenTao | 6.3 | Medium | 2025-11-30 |
| CVE-2025-13378 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter — AI ChatBot with ChatGPT and Content Generator by AYS | 6.5 | Medium | 2025-11-27 |
| CVE-2025-33203 | NVIDIA NeMo Agent ToolKit code issue vulnerability — NeMo Agent ToolKit | 7.6 | High | 2025-11-25 |
| CVE-2025-62155 | QuantumNous New API Has SSRF Bypass — new-api | 8.5 | High | 2025-11-24 |
| CVE-2025-13588 | lKinderBueno Streamity Xtream IPTV Player proxy.php server-side request forgery — Streamity Xtream IPTV Player | 6.3 | Medium | 2025-11-24 |
| CVE-2025-12800 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery — WP Shortcodes Plugin — Shortcodes Ultimate | 6.4 | Medium | 2025-11-23 |
| CVE-2025-62207 | Azure Monitor Elevation of Privilege Vulnerability — Azure Monitor Control Service | 8.6 | High | 2025-11-20 |
| CVE-2025-13147 | External Service Interaction (DNS) — MOVEit Transfer | 5.3 | Medium | 2025-11-19 |
| CVE-2025-12359 | Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery — Responsive Lightbox & Gallery | 5.4 | Medium | 2025-11-19 |
| CVE-2025-12376 | Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery — Icon List Block – Add Icon-Based Lists with Custom Styles | 6.4 | Medium | 2025-11-18 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1496 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.