CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1489

1489 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33294 | AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources — AVideo | 5.0 | Medium | 2026-03-22 |
| CVE-2026-4528 | trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery — ApiFlow | 7.3 | High | 2026-03-21 |
| CVE-2026-3478 | Content Syndication Toolkit <= 1.3 - Unauthenticated Server-Side Request Forgery via 'url' Parameter — Content Syndication Toolkit | 7.2 | High | 2026-03-21 |
| CVE-2026-1648 | Performance Monitor <= 1.0.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter — Performance Monitor | 7.2 | High | 2026-03-21 |
| CVE-2026-1313 | MimeTypes Link Icons <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content — MimeTypes Link Icons | 8.3 | High | 2026-03-21 |
| CVE-2026-2290 | Post Affiliate Pro <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field — Post Affiliate Pro | 3.8 | Low | 2026-03-21 |
| CVE-2026-4302 | WowOptin: Next-Gen Popup Maker <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API — WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation | 7.2 | High | 2026-03-21 |
| CVE-2026-33237 | AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation — AVideo | 5.5 | Medium | 2026-03-20 |
| CVE-2026-33226 | Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview — budibase | 8.7 | High | 2026-03-20 |
| CVE-2026-33126 | Frigate has SSRF vulnerability in /ffprobe endpoint — frigate | 5.0 | Medium | 2026-03-20 |
| CVE-2026-33081 | PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation — pinchtab | 5.8 | Medium | 2026-03-20 |
| CVE-2026-33060 | CKAN MCP Server: SSRF via base_url allows access to internal networks — ckan-mcp-server | 5.3 | Medium | 2026-03-20 |
| CVE-2026-33039 | AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy — AVideo | 8.6 | High | 2026-03-20 |
| CVE-2026-33024 | AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator — AVideo-Encoder | 9.8 | - | 2026-03-20 |
| CVE-2026-32949 | SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL — SQLBot | 7.5 | - | 2026-03-20 |
| CVE-2026-32812 | Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint — admidio | 6.8 | Medium | 2026-03-20 |
| CVE-2026-32828 | Kargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration — kargo | 9.1 | - | 2026-03-20 |
| CVE-2026-29107 | SuiteCRM vulnerable to authenticated SSRF via PDF export — SuiteCRM | 5.0 | Medium | 2026-03-19 |
| CVE-2026-29097 | SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet — SuiteCRM | 6.5 | - | 2026-03-19 |
| CVE-2026-32037 | OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling — OpenClaw | 6.0 | Medium | 2026-03-19 |
| CVE-2026-32019 | OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard — OpenClaw | 7.4 | High | 2026-03-19 |
| CVE-2026-26137 | Microsoft Exchange Elevation of Privilege Vulnerability — Microsoft Exchange Online | 9.9 | Critical | 2026-03-19 |
| CVE-2026-26120 | Microsoft Bing Tampering Vulnerability — Microsoft Bing | 6.5 | Medium | 2026-03-19 |
| CVE-2026-26138 | Microsoft Purview Elevation of Privilege Vulnerability — Microsoft Purview | 8.6 | High | 2026-03-19 |
| CVE-2026-32169 | Azure Cloud Shell Elevation of Privilege Vulnerability — Azure Cloud Shell | 10.0 | Critical | 2026-03-19 |
| CVE-2026-26139 | Microsoft Purview Elevation of Privilege Vulnerability — Microsoft Purview | 8.6 | High | 2026-03-19 |
| CVE-2026-33321 | OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF) — openemr | 7.6 | - | 2026-03-19 |
| CVE-2025-71259 | BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in externalfeed/RSS — FootPrints | 4.3 | Medium | 2026-03-19 |
| CVE-2025-71258 | BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in searchWeb — FootPrints | 4.3 | Medium | 2026-03-19 |
| CVE-2026-31989 | OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect — OpenClaw | 7.4 | High | 2026-03-19 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1489 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.