CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1489

1489 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-4878	Server-Side Request Forgery (SSRF) in instantsoft/icms2 — instantsoft/icms2	7.5	-	2023-09-10
CVE-2023-39967	Full read and controlled SSRF through URL parameter when testing a request inside wiremock-studio — wiremock	10.0	Critical	2023-09-06
CVE-2023-41327	Controlled SSRF through URL in the WireMock — wiremock	4.6	Medium	2023-09-06
CVE-2023-36388	Apache Superset: Improper API permission for low privilege users allows for SSRF — Apache Superset	4.3	Medium	2023-09-06
CVE-2023-41055	LibreY Server-Side Request Forgery (SSRF) vulnerability via wikipedia_language cookie — LibreY	7.5	High	2023-09-04
CVE-2023-41054	LibreY Server-Side Request Forgery (SSRF) vulnerability in image_proxy.php — LibreY	8.2	High	2023-09-04
CVE-2023-4651	Server-Side Request Forgery (SSRF) in instantsoft/icms2 — instantsoft/icms2	7.5	-	2023-08-31
CVE-2023-4624	Server-Side Request Forgery (SSRF) in bookstackapp/bookstack — bookstackapp/bookstack	7.5	-	2023-08-30
CVE-2023-40017	Geonode Server Side Request Forgery vulnerability — geonode	7.5	High	2023-08-24
CVE-2022-44729	Apache XML Graphics Batik: Information disclosure vulnerability — Apache XML Graphics Batik	8.2	-	2023-08-22
CVE-2022-44730	Apache XML Graphics Batik: Information disclosure vulnerability — Apache XML Graphics Batik	6.5	-	2023-08-22
CVE-2023-24515	Server side request forgery in api checker — Pandora FMS	5.2	Medium	2023-08-22
CVE-2023-35011	IBM Cognos Analytics server-side request forgey — Cognos Analytics	5.4	Medium	2023-08-16
CVE-2023-40033	Server-Side Request Forgery via Avatar upload in flarum — framework	7.1	High	2023-08-16
CVE-2023-3958	WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery — WP Remote Users Sync	8.5	High	2023-08-16
CVE-2023-26442	Open-Xchange AppSuite 代码问题漏洞 — OX App Suite	3.2	Low	2023-08-02
CVE-2023-26438	Open-Xchange AppSuite 跨站脚本漏洞 — OX App Suite	4.3	Medium	2023-08-02
CVE-2023-3981	Server-Side Request Forgery (SSRF) in omeka/omeka-s — omeka/omeka-s	7.5	-	2023-07-27
CVE-2023-37290	InfoDoc Document On-line Submission and Approval System - Server-Side Request Forgery (SSRF) — Document On-line Submission and Approval System	7.5	High	2023-07-20
CVE-2023-29260	IBM Sterling Connect:Express for UNIX server-side request forgery — Sterling Connect:Express for UNIX	6.5	Medium	2023-07-19
CVE-2023-3577	Limited blind SSRF to localhost/intranet in interactive dialog implementation — Mattermost	3.5	Low	2023-07-17
CVE-2023-32052	Microsoft Power Apps (online) Spoofing Vulnerability — Microsoft Power Apps	5.4	Medium	2023-07-11
CVE-2023-36925	Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent) — SAP Solution Manager (Diagnostics agent)	7.2	High	2023-07-11
CVE-2023-3578	DedeCMS co_do.php server-side request forgery — DedeCMS	5.5	Medium	2023-07-10
CVE-2021-42079	SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355 — QuantaStor	6.2	Medium	2023-07-10
CVE-2023-37262	CC: Tweaked SSRF to Cloud Services Metadata Services not Blocked by Default — CC-Tweaked	9.6	Critical	2023-07-07
CVE-2023-37261	OpenComputers's SSRF to cloud service metadata services and local IPv6 addresses not blocked by default — OpenComputers	9.6	Critical	2023-07-07
CVE-2023-3432	Server-Side Request Forgery (SSRF) in plantuml/plantuml — plantuml/plantuml	7.5	-	2023-06-27
CVE-2023-33176	Blind SSRF When Uploading Presentation in BigBlueButton — bigbluebutton	4.8	Medium	2023-06-26
CVE-2023-35133	Moodle: ssrf risk due to insufficient check on the curl blocked hosts	7.5	High	2023-06-22

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1489 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1489