
CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class (1489 CVEs)

1489 vulnerabilities are classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI-generated Chinese-language analysis is included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-34981 | whisperX REST API: SSRF in download_from_url() — URL validation happens after HTTP request, extension bypass via .mp3 | whisperX-FastAPI | 5.8 | Medium | 2026-04-06 |
| CVE-2026-34753 | vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url` | vllm | 5.4 | Medium | 2026-04-06 |
| CVE-2026-33752 | Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass) | curl_cffi | 8.6 | High | 2026-04-06 |
| CVE-2026-33540 | Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm | distribution | 7.5 | High | 2026-04-06 |
| CVE-2026-5633 | assafelovic gpt-researcher ws Endpoint server-side request forgery | gpt-researcher | 7.3 | High | 2026-04-06 |
| CVE-2026-5623 | hcengineering Huly Platform Import Endpoint index.ts server-side request forgery | Huly Platform | 6.3 | Medium | 2026-04-06 |
| CVE-2026-5618 | kalcaddle kodbox shareMake/shareCheck server-side request forgery | kodbox | 5.6 | Medium | 2026-04-06 |
| CVE-2026-5607 | imprvhub mcp-browser-agent URL Parameter handlers.ts CallToolRequestSchema server-side request forgery | mcp-browser-agent | 6.3 | Medium | 2026-04-06 |
| CVE-2026-5538 | QingdaoU OnlineJudge judge_server_heartbeat Endpoint JudgeServer.service_url server-side request forgery | OnlineJudge | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5530 | Ollama Model Pull API download.go server-side request forgery | Ollama | 6.3 | Medium | 2026-04-05 |
| CVE-2026-34954 | PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL | PraisonAI | 8.6 | High | 2026-04-03 |
| CVE-2026-34936 | PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback | PraisonAI | 7.7 | High | 2026-04-03 |
| CVE-2026-22664 | prompts.chat SSRF via Fal.ai Media Status Polling | prompts.chat | 7.7 | High | 2026-04-03 |
| CVE-2026-22662 | prompts.chat Blind SSRF via media-generate | prompts.chat | 4.3 | Medium | 2026-04-03 |
| CVE-2026-28798 | Arbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOS | ZimaOS | 9.1 | Critical | 2026-04-03 |
| CVE-2026-32186 | Microsoft Bing Elevation of Privilege Vulnerability | Microsoft Bing | 10.0 | Critical | 2026-04-03 |
| CVE-2026-31818 | Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist | budibase | 9.6 | Critical | 2026-04-03 |
| CVE-2026-5470 | mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery | Google-Research-MCP | 6.3 | Medium | 2026-04-03 |
| CVE-2026-5469 | Casdoor Webhook URL server-side request forgery | Casdoor | 4.7 | Medium | 2026-04-03 |
| CVE-2026-26135 | Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability | Azure Custom Locations Resource Provider | 9.6 | Critical | 2026-04-02 |
| CVE-2026-33107 | Azure Databricks Elevation of Privilege Vulnerability | Azure Databricks | 10.0 | Critical | 2026-04-02 |
| CVE-2026-5418 | appsmithorg appsmith Dashboard WebClientUtils.java computeDisallowedHosts server-side request forgery | appsmith | 7.3 | High | 2026-04-02 |
| CVE-2026-5417 | Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery | SQLbot | 4.7 | Medium | 2026-04-02 |
| CVE-2026-34590 | Postiz: SSRF via Webhook Creation Endpoint Missing URL Safety Validation | postiz-app | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34577 | Postiz: Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension Check | postiz-app | 8.6 | High | 2026-04-02 |
| CVE-2026-34576 | Postiz: SSRF in upload-from-url endpoint allows fetching internal resources and cloud metadata | postiz-app | 6.5 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34526 | SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6 | SillyTavern | 5.0 | Medium | 2026-04-02 |
| CVE-2026-5346 | huimeicloud hm_editor image-to-base64 Endpoint mcp-server.js client.get server-side request forgery | hm_editor | 7.3 | High | 2026-04-02 |
| CVE-2026-32871 | FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability | fastmcp | 9.1 (AI) | Critical (AI) | 2026-04-02 |
| CVE-2026-0686 | Webmention <= 5.6.2 - Unauthenticated Blind Server-Side Request Forgery | Webmention | 7.2 | High | 2026-04-02 |

Entries marked (AI) carry the site's AI tag on the CVSS score and severity.

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) account for 1489 CVEs. The CWE entry describes the weakness class; review individual CVEs for product-specific impact.
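The titles in the table keep naming the same few mistakes: the URL is validated only after the request has already gone out, a file-extension check stands in for a destination check, loopback is matched by string and misses IPv6 or IPv4-mapped forms, and redirects are followed without re-checking where they lead. The Python below is an added example written for this page, not code from the site or from any of the listed projects. It validates the destination before sending anything, rejects a hostname if any resolved address is non-public, and re-validates each redirect hop. The DNS answers, the HTTP responses and hostnames such as rebind.test are constructed so the example runs offline.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Constructed DNS answers standing in for a real resolver so the example runs
# offline. Hostnames and addresses here are made up for the example.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "rebind.test": ["93.184.216.34", "127.0.0.1"],  # mixed public/loopback answers
}

# Constructed HTTP responses keyed by URL: (status, headers, body).
FAKE_HTTP = {
    "http://example.com/audio.mp3": (200, {}, b"ID3 fake audio bytes"),
    "http://example.com/redir": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://169.254.169.254/latest/meta-data/": (200, {}, b"iam/\nhostname\n"),
}

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 3


def naive_extension_check(url: str) -> bool:
    """The 'trivially bypassable' pattern from the titles above: it inspects
    the URL text only and says nothing about where the request will go."""
    return url.lower().endswith(".mp3")


def resolve(host: str) -> list[str]:
    """Stand-in for socket.getaddrinfo, answering from the constructed table."""
    return FAKE_DNS.get(host.lower().rstrip("."), [])


def is_blocked_address(addr: str) -> bool:
    """True for loopback, private, link-local (incl. 169.254.169.254), shared,
    reserved, unspecified and multicast addresses, in both IPv4 and IPv6."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:127.0.0.1 is loopback once unmapped; check the embedded IPv4 form.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (not ip.is_global) or ip.is_multicast


def check_url(url: str) -> tuple[bool, str]:
    """Validate a URL *before* any request is sent. Returns (ok, reason)."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lowercased; brackets stripped from IPv6 literals
    except ValueError as exc:
        return False, f"malformed URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if not host:
        return False, "no host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IPv4/IPv6 address
    except ValueError:
        addrs = resolve(host)
    if not addrs:
        return False, f"{host!r} does not resolve"
    # Every answer must be acceptable: one loopback record is enough to reject.
    for addr in addrs:
        if is_blocked_address(addr):
            return False, f"{host!r} resolves to blocked address {addr}"
    return True, "ok"


def fetch(url: str, transport=FAKE_HTTP, max_redirects: int = MAX_REDIRECTS):
    """Fetch with the client's automatic redirects off; every hop is re-checked,
    so a 3xx pointing at an internal address is refused rather than followed."""
    for _ in range(max_redirects + 1):
        ok, reason = check_url(url)
        if not ok:
            raise ValueError(f"refusing {url}: {reason}")
        status, headers, body = transport.get(url, (404, {}, b""))
        if status in (301, 302, 303, 307, 308):
            url = urljoin(url, headers["Location"])
            continue
        return status, body
    raise ValueError("too many redirects")


if __name__ == "__main__":
    for u in ("http://example.com/audio.mp3",
              "http://169.254.169.254/latest/meta-data/?x=.mp3",
              "http://[::1]:8080/", "http://[::ffff:127.0.0.1]/",
              "http://rebind.test/", "http://example.com/redir"):
        print(f"{u:50} ext-check={naive_extension_check(u)!s:5} pre-check={check_url(u)}")
```

One caveat the example cannot show offline: validating the name and then letting the HTTP library resolve it again is a time-of-check/time-of-use gap (DNS rebinding). In production, resolve once, connect to the address you validated, and set the Host header and SNI yourself, or use a client that lets you pin the resolved address.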