Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-918 Clear
ID Title
CVE-2026-45503 Vulnerability in ssrf (CVE-2026-45503)
vulnerability in ssrf (CVE-2026-45503). Confidential information can be exposed externally.
CVE-2026-41854 SSRF (Server-Side Request Forgery) in spring (CVE-2026-41854)
SSRF in spring (CVE-2026-41854). Risk of unauthorized operations or information disclosure.
CVE-2026-11469 SSRF (Server-Side Request Forgery) in CVE-2026-11469 (CVE-2026-11469)
SSRF in CVE-2026-11469 (CVE-2026-11469). Risk of unauthorized operations or information disclosure.
CVE-2026-11437 SSRF (Server-Side Request Forgery) in CVE-2026-11437 (CVE-2026-11437)
SSRF in CVE-2026-11437 (CVE-2026-11437). Risk of unauthorized operations or information disclosure.
CVE-2026-11424 Information Disclosure in ssrf (CVE-2026-11424)
vulnerability in ssrf (CVE-2026-11424). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
CVE-2026-47684 SSRF (Server-Side Request Forgery) in @sync-in/server (CVE-2026-47684)
SSRF in @sync-in/server (CVE-2026-47684). Confidential information can be exposed externally. Mitigation: upgrade to `2.3.0` or later.
CVE-2026-47382 SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-47382)
SSRF in nocodb (CVE-2026-47382). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `2026.05.1` or later.
CVE-2026-11346 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-11346)
SSRF in ssrf (CVE-2026-11346). Risk of unauthorized operations or information disclosure.
CVE-2026-10586 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-10586)
SSRF in wordpress (CVE-2026-10586). Risk of unauthorized operations or information disclosure.
CVE-2026-43986 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43986)
SSRF in ssrf (CVE-2026-43986). Confidential information can be exposed externally. Exploitable via ``image_hash_lookup``.
CVE-2026-10771 A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
CVE-2026-44016 Code Injection in docling (CVE-2026-44016)
code injection in docling (CVE-2026-44016). Confidential information can be exposed externally. Exploitable via ``enable_remote_fetch``. Mitigation: upgrade to `2.91.0` or later.
CVE-2026-26379 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-26379)
SSRF in ssrf (CVE-2026-26379). Risk of unauthorized operations or information disclosure.
CVE-2026-20230 KEV [KEV] SSRF (Server-Side Request Forgery) in Cisco ssrf (CVE-2026-20230)
SSRF in Cisco ssrf (CVE-2026-20230). Data can be tampered with by attackers. Listed in CISA KEV — actively exploited.
CVE-2026-10690 SSRF (Server-Side Request Forgery) in CVE-2026-10690 (CVE-2026-10690)
SSRF in CVE-2026-10690 (CVE-2026-10690). Risk of unauthorized operations or information disclosure.
CVE-2026-10662 SSRF (Server-Side Request Forgery) in CVE-2026-10662 (CVE-2026-10662)
SSRF in CVE-2026-10662 (CVE-2026-10662). Risk of unauthorized operations or information disclosure.
CVE-2026-49120 Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
CVE-2026-10583 SSRF (Server-Side Request Forgery) in CVE-2026-10583 (CVE-2026-10583)
SSRF in CVE-2026-10583 (CVE-2026-10583). Risk of unauthorized operations or information disclosure.
CVE-2026-10581 SSRF (Server-Side Request Forgery) in CVE-2026-10581 (CVE-2026-10581)
SSRF in CVE-2026-10581 (CVE-2026-10581). Risk of unauthorized operations or information disclosure.
CVE-2026-49139 SSRF (Server-Side Request Forgery) in CVE-2026-49139 (CVE-2026-49139)
SSRF in CVE-2026-49139 (CVE-2026-49139). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`.
CVE-2026-49138 SSRF (Server-Side Request Forgery) in CVE-2026-49138 (CVE-2026-49138)
SSRF in CVE-2026-49138 (CVE-2026-49138). Risk of unauthorized operations or information disclosure.
CVE-2026-10287 SSRF (Server-Side Request Forgery) in CVE-2026-10287 (CVE-2026-10287)
SSRF in CVE-2026-10287 (CVE-2026-10287). Risk of unauthorized operations or information disclosure.
CVE-2026-10280 SSRF (Server-Side Request Forgery) in CVE-2026-10280 (CVE-2026-10280)
SSRF in CVE-2026-10280 (CVE-2026-10280). Risk of unauthorized operations or information disclosure.
CVE-2026-10276 SSRF (Server-Side Request Forgery) in CVE-2026-10276 (CVE-2026-10276)
SSRF in CVE-2026-10276 (CVE-2026-10276). Risk of unauthorized operations or information disclosure.
CVE-2026-10274 SSRF (Server-Side Request Forgery) in CVE-2026-10274 (CVE-2026-10274)
SSRF in CVE-2026-10274 (CVE-2026-10274). Risk of unauthorized operations or information disclosure.
CVE-2026-49328 SSRF (Server-Side Request Forgery) in apache (CVE-2026-49328)
SSRF in apache (CVE-2026-49328). Risk of unauthorized operations or information disclosure.
CVE-2026-10241 SSRF (Server-Side Request Forgery) in CVE-2026-10241 (CVE-2026-10241)
SSRF in CVE-2026-10241 (CVE-2026-10241). Risk of unauthorized operations or information disclosure.
CVE-2026-10517 SSRF (Server-Side Request Forgery) in github.com/quay/claircore (CVE-2026-10517)
SSRF in github.com/quay/claircore (CVE-2026-10517). Risk of unauthorized operations or information disclosure.
CVE-2026-10240 SSRF (Server-Side Request Forgery) in CVE-2026-10240 (CVE-2026-10240)
SSRF in CVE-2026-10240 (CVE-2026-10240). Risk of unauthorized operations or information disclosure.
CVE-2026-10239 SSRF (Server-Side Request Forgery) in CVE-2026-10239 (CVE-2026-10239)
SSRF in CVE-2026-10239 (CVE-2026-10239). Risk of unauthorized operations or information disclosure.
CVE-2026-10177 SSRF (Server-Side Request Forgery) in aider-chat (CVE-2026-10177)
SSRF in aider-chat (CVE-2026-10177). Risk of unauthorized operations or information disclosure.
CVE-2026-47268 SSRF (Server-Side Request Forgery) in github.com/nezhahq/nezha (CVE-2026-47268)
SSRF in github.com/nezhahq/nezha (CVE-2026-47268). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/ddns`. Mitigation: upgrade to `2.0.10` or later.
CVE-2026-48555 SSRF (Server-Side Request Forgery) in spatie/laravel-medialibrary (CVE-2026-48555)
SSRF in spatie/laravel-medialibrary (CVE-2026-48555). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.23.0` or later.
CVE-2026-44285 FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network prot...
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by exploi...
CVE-2026-47260 SSRF (Server-Side Request Forgery) in phanan/koel (CVE-2026-47260)
SSRF in phanan/koel (CVE-2026-47260). Confidential information can be exposed externally. Exploitable via `POST /api/podcasts`. Mitigation: upgrade to `9.3.5` or later.
CVE-2026-49372 In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
CVE-2026-10107 SSRF (Server-Side Request Forgery) in CVE-2026-10107 (CVE-2026-10107)
SSRF in CVE-2026-10107 (CVE-2026-10107). Confidential information can be exposed externally.
CVE-2026-10068 SSRF (Server-Side Request Forgery) in CVE-2026-10068 (CVE-2026-10068)
SSRF in CVE-2026-10068 (CVE-2026-10068). Risk of unauthorized operations or information disclosure.
CVE-2026-44492 Vulnerability in axios (CVE-2026-44492)
vulnerability in axios (CVE-2026-44492). Confidential information can be exposed externally. Mitigation: upgrade to `1.16.0` or later.
CVE-2026-42965 SSRF (Server-Side Request Forgery) in redhat (CVE-2026-42965)
SSRF in redhat (CVE-2026-42965). Confidential information can be exposed externally.
CVE-2026-9557 SSRF (Server-Side Request Forgery) in mautic/core (CVE-2026-9557)
SSRF in mautic/core (CVE-2026-9557). Risk of unauthorized operations or information disclosure. Exploitable via ``MauticFocusBundle``. Mitigation: upgrade to `7.1.2` or later.
CVE-2026-10052 SSRF (Server-Side Request Forgery) in CVE-2026-10052 (CVE-2026-10052)
SSRF in CVE-2026-10052 (CVE-2026-10052). Risk of unauthorized operations or information disclosure.
CVE-2026-49093 SSRF (Server-Side Request Forgery) in elk (CVE-2026-49093)
SSRF in elk (CVE-2026-49093). Confidential information can be exposed externally. Mitigation: upgrade to `9.3.3` or later.
CVE-2026-42398 SSRF (Server-Side Request Forgery) in elk (CVE-2026-42398)
SSRF in elk (CVE-2026-42398). Confidential information can be exposed externally. Mitigation: upgrade to `9.2.8, 9.3.2` or later.
CVE-2026-49129 SSRF (Server-Side Request Forgery) in CVE-2026-49129 (CVE-2026-49129)
SSRF in CVE-2026-49129 (CVE-2026-49129). Risk of unauthorized operations or information disclosure.
CVE-2026-46526 SSRF (Server-Side Request Forgery) in local-deep-research (CVE-2026-46526)
SSRF in local-deep-research (CVE-2026-46526). Risk of unauthorized operations or information disclosure. Exploitable via ``validate_url``. Mitigation: upgrade to `1.6.10` or later.
CVE-2026-48522 Vulnerability in pyjwt (CVE-2026-48522)
vulnerability in pyjwt (CVE-2026-48522). Risk of unauthorized operations or information disclosure. Exploitable via ``uri``. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-9813 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9813)
SSRF in ssrf (CVE-2026-9813). Successful exploitation can lead to full system takeover.
CVE-2026-5737 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-5737)
SSRF in wordpress (CVE-2026-5737). Risk of unauthorized operations or information disclosure.
CVE-2026-48153 SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48153)
SSRF in @budibase/server (CVE-2026-48153). Confidential information can be exposed externally. Exploitable via ``fetchToken``. Mitigation: upgrade to `3.39.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →