CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1478

1478 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-25972	Camaleon CMS - Server-Side Request Forgery (SSRF) in Media Upload Feature — camaleon_cms	4.9	Medium	2021-10-20
CVE-2021-32663	Unauthorized setup leads to SSRF in Combodo/iTop — iTop	8.7	High	2021-10-19
CVE-2021-22958	Portlandlabs Concrete5 代码问题漏洞 — https://github.com/concrete5/concrete5	9.8	-	2021-10-07
CVE-2021-39339	Telefication <= 1.8.0 Open Proxy and Server-Side Request Forgery — Telefication	5.8	Medium	2021-09-22
CVE-2021-41084	Response Splitting from unsanitized headers in http4s — http4s	8.7	High	2021-09-21
CVE-2021-40438	mod_proxy SSRF — Apache HTTP Server	8.1	-	2021-09-16
CVE-2021-33705	SAP Enterprise Portal 代码问题漏洞 — SAP NetWeaver Enterprise Portal	9.3	-	2021-09-15
CVE-2021-23029	F5 BIG-IP 代码问题漏洞 — BIG-IP Advanced WAF and BIG-IP ASM	8.1	-	2021-09-14
CVE-2021-39195	Server-Side Request Forgery vulnerability in misskey — misskey	7.7	High	2021-09-07
CVE-2021-3758	Server-Side Request Forgery (SSRF) in bookstackapp/bookstack — bookstackapp/bookstack	8.1	-	2021-09-02
CVE-2021-36043	Magento Commerce Authenticated Blind SSRF Could Lead To Remote Code Execution — Magento Commerce	8.0	High	2021-09-01
CVE-2021-28627	Adobe Experience Manager Server-side Request Forgery could lead to Security feature bypass — Experience Manager	5.4	Medium	2021-08-24
CVE-2021-37711	Authenticated server-side request forgery in file upload via URL. — platform	8.8	High	2021-08-16
CVE-2021-24472	Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF — QT KenthaRadio	9.8	-	2021-08-02
CVE-2021-24371	RSVPMaker < 8.7.3 - Authenticated (admin+) SSRF — RSVPMaker	2.7	-	2021-08-02
CVE-2021-22726	EVlink City、EVlink Parking 和 EVlink Smart Wallbox 代码问题漏洞 — EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )	9.1	-	2021-07-21
CVE-2021-29102	There is a Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server Manager version 10.8.1 and below. — ArcGIS Server	7.5	-	2021-07-11
CVE-2021-32639	Server-Side Request Forgery (SSRF) in emissary:emissary — emissary	7.2	High	2021-07-02
CVE-2021-32698	Blind Server-Side Request Forgery (SSRF) in eLabFTW — elabftw	6.8	Medium	2021-06-21
CVE-2021-34808	Synology Media Server 代码问题漏洞 — Media Server	5.8	Medium	2021-06-18
CVE-2021-34811	Synology Download Station 代码问题漏洞 — Download Station	5.0	Medium	2021-06-18
CVE-2021-32682	Multiple vulnerabilities leading to RCE — elFinder	9.8	Critical	2021-06-14
CVE-2021-33181	Synology Video Station Video Station 代码问题漏洞 — Synology Video Station	6.6	Medium	2021-06-01
CVE-2021-33184	Synology Download Station 代码问题漏洞 — Synology Download Station	7.7	High	2021-06-01
CVE-2021-25640	Open Redirect or SSRF vulnerability usage of parseURL — Apache Dubbo	8.2	-	2021-05-31
CVE-2020-14328	Red Hat Ansible 代码问题漏洞 — Tower	5.5	-	2021-05-27
CVE-2020-14327	Red Hat Ansible 代码问题漏洞 — Tower	5.5	-	2021-05-27
CVE-2021-29490	Unauthenticated GET requests through Remote Image endpoints — jellyfin	5.8	Medium	2021-05-05
CVE-2021-27905	SSRF vulnerability with the Replication handler — Apache Solr	9.1	-	2021-04-13
CVE-2021-24150	Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF — Like Button Rating ♥ LikeBtn	7.5	-	2021-04-05

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1478 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1478