CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1496

1496 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62763 | Zimbra Collaboration code issue vulnerability — Collaboration | 5.0 | Medium | 2025-10-21 |
| CVE-2025-11536 | Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery — Element Pack – Widgets, Templates & Addons for Elementor | 5.0 | Medium | 2025-10-20 |
| CVE-2025-11361 | Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | 6.4 | Medium | 2025-10-18 |
| CVE-2025-34282 | ThingsBoard < v4.2.1 SVG Image SSRF — ThingsBoard | 8.1 AI | High AI | 2025-10-17 |
| CVE-2025-62505 | SSRF in lobehub/lobe-chat with native web fetch module — lobe-chat | 3.0 | Low | 2025-10-17 |
| CVE-2025-11864 | NucleoidAI Nucleoid Outbound Request cluster.ts extension.apply server-side request forgery — Nucleoid | 7.3 | High | 2025-10-16 |
| CVE-2025-62427 | Server-Side Request Forgery (SSRF) in Angular SSR — angular-cli | 9.1 AI | Critical AI | 2025-10-16 |
| CVE-2025-10056 | Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery — Task Scheduler | 4.4 | Medium | 2025-10-15 |
| CVE-2025-11674 | PiExtract\|SOOP-CLM - Server-Side Request Forgery — SOOP-CLM | 6.8 | Medium | 2025-10-13 |
| CVE-2025-11648 | Tomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery — Furbo 360 | 5.6 | Medium | 2025-10-12 |
| CVE-2025-11636 | Tomofun Furbo 360 Account server-side request forgery — Furbo 360 | 5.6 | Medium | 2025-10-12 |
| CVE-2025-31993 | HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF) — Unica Centralized Offer Management | 3.5 | Low | 2025-10-12 |
| CVE-2025-9975 | WP Scraper <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery — WP Scraper | 6.8 | Medium | 2025-10-11 |
| CVE-2025-59146 | New API has Authenticated Server-Side Request Forgery (SSRF) issue — new-api | 8.5 | High | 2025-10-09 |
| CVE-2025-9868 | Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin — Nexus Repository | 7.5 AI | High AI | 2025-10-08 |
| CVE-2025-6242 | Vllm: server side request forgery (ssrf) in mediaconnector — Red Hat AI Inference Server | 7.1 | High | 2025-10-07 |
| CVE-2025-11286 | samanhappy MCPHub MCPRouter Service serverController.ts server-side request forgery — MCPHub | 4.7 | Medium | 2025-10-05 |
| CVE-2025-10695 | OpenSupports 4.11.0 — SSRF via test imap and smtp endpoints — OpenSupports | 7.5 AI | High AI | 2025-10-03 |
| CVE-2025-61735 | Apache Kylin: Server-Side Request Forgery — Apache Kylin | 9.1 AI | Critical AI | 2025-10-02 |
| CVE-2025-20371 | Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise — Splunk Enterprise | 7.5 | High | 2025-10-01 |
| CVE-2025-10735 | Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery — Block for Mailchimp – Add Email Subscription Forms and Collect Leads | 4.0 | Medium | 2025-10-01 |
| CVE-2025-11046 | Tencent WeKnora test testEmbeddingModel server-side request forgery — WeKnora | 7.3 | High | 2025-09-26 |
| CVE-2025-60181 | WordPress Silencesoft RSS Reader Plugin <= 0.6 - Server Side Request Forgery (SSRF) Vulnerability — Silencesoft RSS Reader | 5.4 | Medium | 2025-09-26 |
| CVE-2025-60161 | WordPress ZoloBlocks Plugin <= 2.3.11 - Server Side Request Forgery (SSRF) Vulnerability — ZoloBlocks | 5.4 | Medium | 2025-09-26 |
| CVE-2025-10137 | Snow Monkey <= 29.1.5 - Unauthenticated Blind Server-Side Request Forgery — Snow Monkey | 5.4 | Medium | 2025-09-26 |
| CVE-2025-42907 | Server-Side Request Forgery in SAP BI Platform — SAP BI Platform | 4.3 | Medium | 2025-09-23 |
| CVE-2025-59527 | FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability — Flowise | 7.5 | High | 2025-09-22 |
| CVE-2025-9960 | is-localhost-ip 2.0.0 - SSRF via Restrictions bypass — is-localhost-ip | 9.1 AI | Critical AI | 2025-09-22 |
| CVE-2025-58962 | WordPress Publitio Plugin <= 2.2.1 - Server Side Request Forgery (SSRF) Vulnerability — Publitio | 6.4 | Medium | 2025-09-22 |
| CVE-2025-53457 | WordPress SEO Backlink Monitor plugin <= 1.8.0 - Server Side Request Forgery (SSRF) vulnerability — SEO Backlink Monitor | 4.4 | Medium | 2025-09-22 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1496 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.