CWE-918 · Server-Side Request Forgery (SSRF)
2776 CVEs classified under CWE-918 (Server-Side Request Forgery (SSRF)). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-49869 | Critical | 10.0 | 2026-06-26 | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath().endsWith("… |
| CVE-2026-47938 | Critical | 10.0 | 2026-06-09 | Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in priv… |
| CVE-2026-33712 | Critical | 10.0 | 2026-05-22 | Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthe… |
| CVE-2026-35431 | Critical | 10.0 | 2026-04-23 | Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-32186 | Critical | 10.0 | 2026-04-03 | Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-33107 | Critical | 10.0 | 2026-04-03 | Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-32871 | Critical | 10.0 | 2026-04-02 | FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by pars… |
| CVE-2026-34162 | Critical | 10.0 | 2026-03-31 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed witho… |
| CVE-2026-32169 | Critical | 10.0 | 2026-03-19 | Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-64180 | Critical | 10.0 | 2025-11-07 | Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access… |
| CVE-2025-59503 | Critical | 10.0 | 2025-10-23 | Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-53767 | Critical | 10.0 | 2025-08-07 | Azure OpenAI Elevation of Privilege Vulnerability |
| CVE-2025-54122 | Critical | 10.0 | 2025-07-21 | Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the pro… |
| CVE-2025-2828 | Critical | 10.0 | 2025-06-23 | A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_communit… |
| CVE-2024-42467 | Critical | 10.0 | 2024-08-12 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoi… |
| CVE-2023-43654 | Critical | 10.0 | 2023-09-28 | TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parti… |
| CVE-2023-39967 | Critical | 10.0 | 2023-09-06 | WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request mi… |
| CVE-2023-3432 | Critical | 10.0 | 2023-06-27 | Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9. |
| CVE-2022-21215 | Critical | 10.0 | 2022-02-18 | This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to… |
| CVE-2021-29475 | Critical | 10.0 | 2021-04-26 | HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when e… |