Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-918 Clear
ID Title
CVE-2026-4328 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-4328)
SSRF in wordpress (CVE-2026-4328). Risk of unauthorized operations or information disclosure.
CVE-2026-11989 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-11989)
SSRF in wordpress (CVE-2026-11989). Risk of unauthorized operations or information disclosure.
CVE-2026-12566 SSRF (Server-Side Request Forgery) in bbot (CVE-2026-12566)
SSRF in bbot (CVE-2026-12566). Risk of unauthorized operations or information disclosure. Exploitable via ``docker_pull``. Mitigation: upgrade to `2.8.5` or later.
CVE-2026-11395 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-11395)
SSRF in wordpress (CVE-2026-11395). Risk of unauthorized operations or information disclosure.
CVE-2026-48764 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48764)
SSRF in ssrf (CVE-2026-48764). Confidential information can be exposed externally.
CVE-2026-54018 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-54018)
SSRF in open-webui (CVE-2026-54018). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54017 Path Traversal in open-webui (CVE-2026-54017)
path traversal in open-webui (CVE-2026-54017). Confidential information can be exposed externally. Exploitable via `GET /api/v1/terminals/server1/..`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54008 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-54008)
SSRF in open-webui (CVE-2026-54008). Confidential information can be exposed externally. Exploitable via `GET /api/v1/auths/`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-53931 Vulnerability in nocodb (CVE-2026-53931)
vulnerability in nocodb (CVE-2026-53931). Risk of unauthorized operations or information disclosure. Exploitable via ``axiosRequestMake``.
CVE-2026-53930 SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-53930)
SSRF in nocodb (CVE-2026-53930). Risk of unauthorized operations or information disclosure. Exploitable via ``migrate``.
CVE-2026-53927 SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-53927)
SSRF in nocodb (CVE-2026-53927). Risk of unauthorized operations or information disclosure. Exploitable via ``axiosRequestMake``.
CVE-2026-48782 SSRF (Server-Side Request Forgery) in pydantic-ai-slim (CVE-2026-48782)
SSRF in pydantic-ai-slim (CVE-2026-48782). Confidential information can be exposed externally. Exploitable via ``FileUrl``. Mitigation: upgrade to `2.0.0b3` or later.
CVE-2026-53755 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53755)
SSRF in crawl4ai (CVE-2026-53755). Confidential information can be exposed externally. Exploitable via ``browser_config``. Mitigation: upgrade to `0.8.9` or later.
CVE-2026-53754 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53754)
SSRF in crawl4ai (CVE-2026-53754). Confidential information can be exposed externally. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.8` or later.
CVE-2026-54157 SSRF (Server-Side Request Forgery) in @lobehub/lobehub (CVE-2026-54157)
SSRF in @lobehub/lobehub (CVE-2026-54157). Confidential information can be exposed externally. Exploitable via `POST /webapi/proxy`. Mitigation: upgrade to `2.1.57` or later.
CVE-2026-56266 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-56266)
SSRF in crawl4ai (CVE-2026-56266). Confidential information can be exposed externally. Exploitable via ``output_path``. Mitigation: upgrade to `0.8.7` or later.
CVE-2026-50134 SSRF (Server-Side Request Forgery) in github.com/gohugoio/hugo (CVE-2026-50134)
SSRF in github.com/gohugoio/hugo (CVE-2026-50134). Risk of unauthorized operations or information disclosure. Exploitable via ``security.http.urls``. Mitigation: upgrade to `0.162.0` or later.
CVE-2026-53859 Vulnerability in openclaw (CVE-2026-53859)
vulnerability in openclaw (CVE-2026-53859). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.26` or later.
CVE-2026-49860 SSRF (Server-Side Request Forgery) in deno (CVE-2026-49860)
SSRF in deno (CVE-2026-49860). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-49859 Vulnerability in deno (CVE-2026-49859)
vulnerability in deno (CVE-2026-49859). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-54299 Vulnerability in astro (CVE-2026-54299)
vulnerability in astro (CVE-2026-54299). Confidential information can be exposed externally. Exploitable via ``request.url``. Mitigation: upgrade to `6.4.6` or later.
CVE-2026-54300 SSRF (Server-Side Request Forgery) in @astrojs/netlify (CVE-2026-54300)
SSRF in @astrojs/netlify (CVE-2026-54300). Risk of unauthorized operations or information disclosure. Exploitable via ``image.remotePatterns``. Mitigation: upgrade to `7.0.13` or later.
CVE-2025-60175 Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
CVE-2026-50888 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50888)
SSRF in ssrf (CVE-2026-50888). Confidential information can be exposed externally.
CVE-2026-50887 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50887)
SSRF in ssrf (CVE-2026-50887). Confidential information can be exposed externally.
CVE-2026-48818 SSRF (Server-Side Request Forgery) in starlette (CVE-2026-48818)
SSRF in starlette (CVE-2026-48818). Confidential information can be exposed externally. Exploitable via ``StaticFiles``. Mitigation: upgrade to `1.1.0` or later.
CVE-2026-50168 Vulnerability in @angular/platform-server (CVE-2026-50168)
vulnerability in @angular/platform-server (CVE-2026-50168). Confidential information can be exposed externally. Exploitable via `Host header`. Mitigation: upgrade to `21.2.15` or later.
CVE-2026-12210 SSRF (Server-Side Request Forgery) in CVE-2026-12210 (CVE-2026-12210)
SSRF in CVE-2026-12210 (CVE-2026-12210). Risk of unauthorized operations or information disclosure.
CVE-2026-53827 SSRF (Server-Side Request Forgery) in openclaw (CVE-2026-53827)
SSRF in openclaw (CVE-2026-53827). Confidential information can be exposed externally.
CVE-2026-53607 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-53607)
SSRF in ssrf (CVE-2026-53607). Risk of unauthorized operations or information disclosure. Exploitable via ``Host``.
CVE-2026-50552 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50552)
SSRF in ssrf (CVE-2026-50552). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/radio/stations`.
CVE-2025-58175 Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175)
vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175). Confidential information can be exposed externally. Exploitable via ``ENTITY_RESOLUTION_ALLOWLIST``. Mitigation: upgrade to `2.27.3` or later.
CVE-2026-53812 Vulnerability in openclaw (CVE-2026-53812)
vulnerability in openclaw (CVE-2026-53812). Confidential information can be exposed externally. Exploitable via ``act``. Mitigation: upgrade to `2026.5.18` or later.
CVE-2026-53782 Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
CVE-2026-47170 Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HT...
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning,...
CVE-2026-46698 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46698)
SSRF in wordpress (CVE-2026-46698). Risk of unauthorized operations or information disclosure.
CVE-2026-46697 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46697)
SSRF in wordpress (CVE-2026-46697). Confidential information can be exposed externally.
CVE-2026-3341 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-3341)
SSRF in ssrf (CVE-2026-3341). Risk of unauthorized operations or information disclosure.
CVE-2026-48998 Vulnerability in guzzlehttp/psr7 (CVE-2026-48998)
vulnerability in guzzlehttp/psr7 (CVE-2026-48998). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `2.10.2` or later.
CVE-2026-9204 SSRF (Server-Side Request Forgery) in gitlab (CVE-2026-9204)
SSRF in gitlab (CVE-2026-9204). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
CVE-2026-40999 SSRF (Server-Side Request Forgery) in CVE-2026-40999 (CVE-2026-40999)
SSRF in CVE-2026-40999 (CVE-2026-40999). Confidential information can be exposed externally.
CVE-2026-50131 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50131)
SSRF in ssrf (CVE-2026-50131). Confidential information can be exposed externally.
CVE-2026-50127 SSRF (Server-Side Request Forgery) in weblate (CVE-2026-50127)
SSRF in weblate (CVE-2026-50127). Confidential information can be exposed externally. Exploitable via ``VCS_RESTRICT_PRIVATE``. Mitigation: upgrade to `2026.6` or later.
CVE-2026-20252 SSRF (Server-Side Request Forgery) in splunk (CVE-2026-20252)
SSRF in splunk (CVE-2026-20252). Confidential information can be exposed externally.
CVE-2026-48858 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48858)
SSRF in ssrf (CVE-2026-48858). Risk of unauthorized operations or information disclosure.
CVE-2026-45561 SSRF (Server-Side Request Forgery) in flask (CVE-2026-45561)
SSRF in flask (CVE-2026-45561). Confidential information can be exposed externally.
CVE-2026-47938 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-47938)
SSRF in ssrf (CVE-2026-47938). Successful exploitation can lead to full system takeover.
CVE-2026-45504 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45504)
SSRF in ssrf (CVE-2026-45504). Successful exploitation can lead to full system takeover.
CVE-2026-45501 Cross-Site Scripting (XSS) in ssrf (CVE-2026-45501)
cross-site scripting in ssrf (CVE-2026-45501). Confidential information can be exposed externally.
CVE-2026-45502 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45502)
SSRF in ssrf (CVE-2026-45502). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →