CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1496

1496 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-24485	MedDream PACS Premium 代码问题漏洞 — MedDream PACS Premium	5.8	Medium	2025-07-28
CVE-2025-8267	SSRF Check 安全漏洞 — ssrfcheck	8.2	High	2025-07-28
CVE-2025-8228	yanyutao0402 ChanCMS getPages server-side request forgery — ChanCMS	6.3	Medium	2025-07-27
CVE-2025-52455	Salesforce Tableau 安全漏洞 — Tableau Server	5.4	-	2025-07-25
CVE-2025-52454	Salesforce Tableau Server 安全漏洞 — Tableau Server	6.5	-	2025-07-25
CVE-2025-52453	Salesforce Tableau 安全漏洞 — Tableau Server	4.3	-	2025-07-25
CVE-2025-8133	yanyutao0402 ChanCMS gather.js getArticle server-side request forgery — ChanCMS	6.3	Medium	2025-07-25
CVE-2025-8020	private-ip 安全漏洞 — private-ip	8.2	High	2025-07-23
CVE-2025-5818	Featured Image Plus – Quick & Bulk Edit with Unsplash <= 1.6.6 - Authenticated (Admin+) Server-Side Request Forgery — Featured Image Plus – Bulk Edit Featured Images, Unsplash & Alt Text Manager	5.5	Medium	2025-07-23
CVE-2025-54122	Manager-io/Manager allows unauthenticated full read server-side request forgery in "proxy" endpoint — Manager	10.0	Critical	2025-07-21
CVE-2025-46385	Emby Windows 代码问题漏洞 — Windows	8.6	High	2025-07-20
CVE-2025-7787	Xuxueli xxl-job SampleXxlJob.java httpJobHandler server-side request forgery — xxl-job	6.3	Medium	2025-07-18
CVE-2025-7759	thinkgem JeeSite UEditor Image Grabber ActionEnter.java server-side request forgery — JeeSite	6.3	Medium	2025-07-17
CVE-2025-20288	Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability — Cisco Unified Contact Center Express	5.8	Medium	2025-07-16
CVE-2024-9408	Eclipse GlassFish 代码问题漏洞 — Eclipse Glassfish	9.8	-	2025-07-16
CVE-2025-48294	WordPress FG Drupal to WordPress plugin <= 3.90.0 - Server Side Request Forgery (SSRF) Vulnerability — FG Drupal to WordPress	4.4	Medium	2025-07-16
CVE-2025-1220	Null byte termination in hostnames — PHP	3.7	Low	2025-07-13
CVE-2025-53641	Postiz allows header mutation in middleware facilitates resulting in SSRF — postiz-app	8.2	High	2025-07-11
CVE-2025-50125	Schneider Electric EcoStruxure IT Data Center Expert 代码问题漏洞 — EcoStruxure™ IT Data Center Expert	9.8^AI	Critical^AI	2025-07-11
CVE-2025-6851	Broken Link Notifier <= 1.3.0 - Unauthenticated Server-Side Request Forgery — Broken Link Notifier	7.2	High	2025-07-11
CVE-2024-43394	Apache HTTP Server: SSRF on Windows due to UNC paths — Apache HTTP Server	7.5	-	2025-07-10
CVE-2024-43204	Apache HTTP Server: SSRF with mod_headers setting Content-Type header — Apache HTTP Server	5.9^AI	Medium^AI	2025-07-10
CVE-2025-49545	ColdFusion \| Server-Side Request Forgery (SSRF) (CWE-918) — ColdFusion	6.2	Medium	2025-07-08
CVE-2025-0292	Ivanti Connect Secure和Ivanti Policy Secure 代码问题漏洞 — Connect Secure	5.5	Medium	2025-07-08
CVE-2025-42965	Server Side Request Forgery(SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application — SAP BusinessObjects BI Platform Central Management Console Promotion Management Application	4.1	Medium	2025-07-08
CVE-2025-53473	Nimesa Backup and Recovery 代码问题漏洞 — Nimesa Backup and Recovery	9.1^AI	Critical^AI	2025-07-07
CVE-2025-7103	BoyunCMS curl Index.php server-side request forgery — BoyunCMS	6.3	Medium	2025-07-07
CVE-2025-49418	WordPress Allmart plugin <= 1.0.0 - Server Side Request Forgery (SSRF) Vulnerability — Allmart	7.2	High	2025-07-04
CVE-2025-28963	WordPress URL Shortener plugin <= 3.0.7 - Server Side Request Forgery (SSRF) Vulnerability — URL Shortener	5.4	Medium	2025-07-04
CVE-2025-6729	PayMaster for WooCommerce <= 0.4.31 - Authenticated (Subscriber+) Server-Side Request Forgery — PayMaster for WooCommerce	6.4	Medium	2025-07-04

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1496 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1496