
CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1489

1489 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-0688 | Webmention <= 5.6.2 - Authenticated (Subscriber+) Server-Side Request Forgery — Webmention | 6.4 | Medium | 2026-04-02 |
| CVE-2026-5323 | priyankark a11y-mcp index.js A11yServer server-side request forgery — a11y-mcp | 5.3 | Medium | 2026-04-02 |
| CVE-2026-34746 | Payload has Authenticated SSRF via Upload Functionality — payload | 7.7 | High | 2026-04-01 |
| CVE-2026-34076 | Clerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host — javascript | 7.4 | High | 2026-04-01 |
| CVE-2026-20041 | Cisco Nexus Dashboard Server Side Request Forgery Vulnerability — Cisco Nexus Dashboard | 6.1 | Medium | 2026-04-01 |
| CVE-2026-33990 | Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF) — model-runner | 8.2 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-4989 | Devolutions Server security vulnerability — Server | 6.5 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-0932 | M-Files Server security vulnerability — M-Files Server | 8.2 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-5259 | AutohomeCorp frostmourne Alarm Preview AlarmController.java server-side request forgery — frostmourne | 6.3 | Medium | 2026-04-01 |
| CVE-2026-34443 | FreeScout: SSRF protection bypass via broken CIDR check in checkIpByMask() — freescout | 7.5 | - | 2026-03-31 |
| CVE-2026-34740 | AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation — AVideo | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34367 | InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field — InvoiceShelf | 7.6 | High | 2026-03-31 |
| CVE-2026-34366 | InvoiceShelf: SSRF in Payment Receipt PDF Rendering via Unsanitised HTML in Notes Field — InvoiceShelf | 7.6 | High | 2026-03-31 |
| CVE-2026-34365 | InvoiceShelf: SSRF in Estimate PDF Rendering via Unsanitised HTML in Notes Field — InvoiceShelf | 7.6 | High | 2026-03-31 |
| CVE-2026-33185 | Discourse: Group SMTP test endpoint susceptible to SSRF — discourse | 4.3 | - | 2026-03-31 |
| CVE-2026-34360 | HAPI FHIR: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing — org.hl7.fhir.core | 5.8 | Medium | 2026-03-31 |
| CVE-2026-5205 | chatwoot Webhook API trigger.rb Trigger server-side request forgery — chatwoot | 6.3 | Medium | 2026-03-31 |
| CVE-2026-34504 | OpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal Provider — OpenClaw | 8.3 | High | 2026-03-31 |
| CVE-2026-34163 | Server-Side Request Forgery via MCP Tools Endpoint in FastGPT — FastGPT | 7.7 | High | 2026-03-31 |
| CVE-2026-34881 | OpenStack Glance security vulnerability — Glance | 5.0 | Medium | 2026-03-31 |
| CVE-2026-31804 | Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server — Tautulli | 4.0 | Medium | 2026-03-30 |
| CVE-2026-5126 | SourceCodester RSS Feed Parser file_get_contents server-side request forgery — RSS Feed Parser | 6.3 | Medium | 2026-03-30 |
| CVE-2026-0560 | Server-Side Request Forgery (SSRF) in parisneo/lollms — parisneo/lollms | 9.8 | - | 2026-03-29 |
| CVE-2026-5016 | elecV2 elecV2P URL mock eAxios server-side request forgery — elecV2P | 7.3 | High | 2026-03-28 |
| CVE-2025-12886 | Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path — Oxygen - WooCommerce WordPress Theme | 7.2 | High | 2026-03-28 |
| CVE-2026-33992 | pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration — pyload | 7.7 | - | 2026-03-27 |
| CVE-2026-33953 | LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce — LinkAce | 8.5 | High | 2026-03-27 |
| CVE-2026-31945 | LibreChat Server-Side Request Forgery using DNS resolution — LibreChat | 7.7 | High | 2026-03-27 |
| CVE-2026-31943 | LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP — LibreChat | 8.5 | High | 2026-03-27 |
| CVE-2026-4964 | letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery — letta | 6.3 | Medium | 2026-03-27 |

1489 CVEs are classified as CWE-918 (Server-Side Request Forgery (SSRF)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.