
CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class 1489

1489 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-32255 | Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint — kan | 8.6 | High | 2026-03-18 |
| CVE-2026-4366 | Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak — Red Hat Build of Keycloak | 5.8 | Medium | 2026-03-18 |
| CVE-2026-22181 | OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch — OpenClaw | 7.6 | High | 2026-03-18 |
| CVE-2026-25534 | Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames — clouddriver-artifacts | 9.1 | Critical | 2026-03-17 |
| CVE-2026-4308 | frdel/agent0ai agent-zero document_query.py handle_pdf_document server-side request forgery — agent-zero | 6.3 | Medium | 2026-03-17 |
| CVE-2026-4284 | taoofagi easegen-admin PPT File PPTUtil.java downloadFile server-side request forgery — easegen-admin | 4.7 | Medium | 2026-03-16 |
| CVE-2026-2455 | SSRF bypass via IPv4-mapped IPv6 literals — Mattermost | 4.3 | Medium | 2026-03-16 |
| CVE-2025-69239 | Server-Site Request Forgery in Raytha CMS — Raytha | 3.8 | - | 2026-03-16 |
| CVE-2026-4231 | vanna-ai vanna Endpoint __init__.py run_sql server-side request forgery — vanna | 7.3 | High | 2026-03-16 |
| CVE-2026-4215 | FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery — flow-core-x | 6.3 | Medium | 2026-03-16 |
| CVE-2026-4200 | glowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery — glowxq-oj | 7.3 | High | 2026-03-16 |
| CVE-2026-32412 | WordPress Gift Up Gift Cards for WordPress and WooCommerce plugin <= 3.1.7 - Server Side Request Forgery (SSRF) vulnerability — Gift Up Gift Cards for WordPress and WooCommerce | 9.8 | - | 2026-03-13 |
| CVE-2026-32357 | WordPress Simple Blog Card plugin <= 2.37 - Server Side Request Forgery (SSRF) vulnerability — Simple Blog Card | 9.1 | - | 2026-03-13 |
| CVE-2026-32353 | WordPress MailerPress plugin <= 1.4.2 - Server Side Request Forgery (SSRF) vulnerability — MailerPress | 9.1 | - | 2026-03-13 |
| CVE-2026-32349 | WordPress Embed PDF Viewer plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability — Embed PDF Viewer | 9.1 | - | 2026-03-13 |
| CVE-2026-32301 | Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL — centrifugo | 9.3 | Critical | 2026-03-12 |
| CVE-2026-32236 | @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch — plugin-auth-backend | 7.5 | - | 2026-03-12 |
| CVE-2026-21887 | OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature — opencti | 7.7 | High | 2026-03-12 |
| CVE-2026-3966 | 648540858 wvp-GB28181-pro IP Address ABLMediaNodeServerService.java getDownloadFilePath server-side request forgery — wvp-GB28181-pro | 6.3 | Medium | 2026-03-12 |
| CVE-2026-3961 | zyddnys manga-image-translator Translate Endpoints request_extraction.py to_pil_image server-side request forgery — manga-image-translator | 6.3 | Medium | 2026-03-11 |
| CVE-2026-32133 | 2FAuth has Blind SSRF in image parameter allows internal network access and more — 2FAuth | 7.1 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-3958 | Woahai321 ListSync JSON api_server.py requests.post server-side request forgery — ListSync | 6.3 | Medium | 2026-03-11 |
| CVE-2026-32111 | ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle — ha-mcp | 5.3 | Medium | 2026-03-11 |
| CVE-2026-32110 | SiYuan has a Full-Read SSRF via /api/network/forwardProxy — siyuan | 8.3 | High | 2026-03-11 |
| CVE-2026-32096 | Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns — plunk | 9.3 | Critical | 2026-03-11 |
| CVE-2026-31974 | Blind SSRF on OpenProject instance via webhooks — openproject | 3.0 | Low | 2026-03-11 |
| CVE-2026-31959 | SSRF in Quill via unvalidated URL from Apple notarization log retrieval — quill | 5.3 | Medium | 2026-03-11 |
| CVE-2026-31878 | Frappe: Possible SSRF by any authenticated user — frappe | 5.0 | Medium | 2026-03-11 |
| CVE-2026-21293 | Adobe Commerce \| Server-Side Request Forgery (SSRF) (CWE-918) — Adobe Commerce | 5.5 | Medium | 2026-03-11 |
| CVE-2026-21294 | Adobe Commerce \| Server-Side Request Forgery (SSRF) (CWE-918) — Adobe Commerce | 5.5 | Medium | 2026-03-11 |

1489 CVEs are classified as CWE-918 (Server-Side Request Forgery (SSRF)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.