Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-918 Clear
ID Title
CVE-2026-48153 SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48153)
SSRF in @budibase/server (CVE-2026-48153). Confidential information can be exposed externally. Exploitable via ``fetchToken``. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-48128 SSRF (Server-Side Request Forgery) in budibase (CVE-2026-48128)
SSRF in budibase (CVE-2026-48128). Risk of unauthorized operations or information disclosure. Exploitable via ``inputs.query``. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-48146 SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48146)
SSRF in @budibase/server (CVE-2026-48146). Confidential information can be exposed externally. Exploitable via ``fetchWithBlacklist``. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-48916 SSRF (Server-Side Request Forgery) in org.jenkins-ci.plugins:ldap (CVE-2026-48916)
SSRF in org.jenkins-ci.plugins:ldap (CVE-2026-48916). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `807.809.vd3a` or later.
CVE-2026-48918 SSRF (Server-Side Request Forgery) in org.jenkins-ci.plugins:active-directory (CVE-2026-48918)
SSRF in org.jenkins-ci.plugins:active-directory (CVE-2026-48918). Successful exploitation can lead to full system takeover. Exploitable via ``true``. Mitigation: upgrade to `2.41.1` or later.
CVE-2026-42184 SSRF (Server-Side Request Forgery) in tauri (CVE-2026-42184)
SSRF in tauri (CVE-2026-42184). Successful exploitation can lead to full system takeover. Exploitable via ``true``. Mitigation: upgrade to `2.11.1` or later.
CVE-2026-9312 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9312)
SSRF in ssrf (CVE-2026-9312). Confidential information can be exposed externally.
CVE-2026-8606 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-8606)
SSRF in ssrf (CVE-2026-8606). Confidential information can be exposed externally.
CVE-2026-45412 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45412)
SSRF in ssrf (CVE-2026-45412). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.9.1` or later.
CVE-2026-42335 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42335)
SSRF in ssrf (CVE-2026-42335). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-42336 Vulnerability in ssrf (CVE-2026-42336)
vulnerability in ssrf (CVE-2026-42336). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-2264 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-2264)
SSRF in ssrf (CVE-2026-2264). Risk of unauthorized operations or information disclosure.
CVE-2025-14290 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-14290)
SSRF in ssrf (CVE-2025-14290). Risk of unauthorized operations or information disclosure.
CVE-2026-43936 SSRF (Server-Side Request Forgery) in CVE-2026-43936 (CVE-2026-43936)
SSRF in CVE-2026-43936 (CVE-2026-43936). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.3.4` or later.
CVE-2026-40564 Vulnerability in apache (CVE-2026-40564)
vulnerability in apache (CVE-2026-40564). Confidential information can be exposed externally.
CVE-2026-45082 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45082)
SSRF in ssrf (CVE-2026-45082). Confidential information can be exposed externally.
CVE-2026-44598 Open Redirect in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598)
vulnerability in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-alpha-2` or later.
CVE-2026-48843 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48843)
SSRF in ssrf (CVE-2026-48843). Risk of unauthorized operations or information disclosure.
CVE-2026-9464 SSRF (Server-Side Request Forgery) in CVE-2026-9464 (CVE-2026-9464)
SSRF in CVE-2026-9464 (CVE-2026-9464). Risk of unauthorized operations or information disclosure.
CVE-2026-9372 SSRF (Server-Side Request Forgery) in CVE-2026-9372 (CVE-2026-9372)
SSRF in CVE-2026-9372 (CVE-2026-9372). Risk of unauthorized operations or information disclosure.
CVE-2026-9304 SSRF (Server-Side Request Forgery) in CVE-2026-9304 (CVE-2026-9304)
SSRF in CVE-2026-9304 (CVE-2026-9304). Risk of unauthorized operations or information disclosure.
CVE-2026-47076 Vulnerability in hackney (CVE-2026-47076)
vulnerability in hackney (CVE-2026-47076). Confidential information can be exposed externally. Exploitable via ``localhost``. Mitigation: upgrade to `4.0.1` or later.
CVE-2026-47157 SSRF (Server-Side Request Forgery) in aiograpi (CVE-2026-47157)
SSRF in aiograpi (CVE-2026-47157). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.10` or later.
CVE-2026-46717 Authorization Flaw in github.com/nezhahq/nezha (CVE-2026-46717)
vulnerability in github.com/nezhahq/nezha (CVE-2026-46717). Confidential information can be exposed externally. Exploitable via `POST /api/v1/notification`. Mitigation: upgrade to `1.14.15-0.20260517022419-d06d539d34c1` or later.
CVE-2026-7890 SSRF (Server-Side Request Forgery) in concrete5/concrete5 (CVE-2026-7890)
SSRF in concrete5/concrete5 (CVE-2026-7890). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-46548 SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-46548)
SSRF in nocodb (CVE-2026-46548). Risk of unauthorized operations or information disclosure. Exploitable via ``httpAgent``.
CVE-2026-46683 SSRF (Server-Side Request Forgery) in knplabs/knp-snappy (CVE-2026-46683)
SSRF in knplabs/knp-snappy (CVE-2026-46683). Risk of unauthorized operations or information disclosure. Exploitable via ``http``. Mitigation: upgrade to `1.7.0` or later.
CVE-2026-46561 SSRF (Server-Side Request Forgery) in pyload-ng (CVE-2026-46561)
SSRF in pyload-ng (CVE-2026-46561). Risk of unauthorized operations or information disclosure. Exploitable via ``PREREQFUNCTION``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
CVE-2026-46497 SSRF (Server-Side Request Forgery) in crawlee (CVE-2026-46497)
SSRF in crawlee (CVE-2026-46497). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `1.7.0` or later.
CVE-2026-6394 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6394)
SSRF in wordpress (CVE-2026-6394). Risk of unauthorized operations or information disclosure.
CVE-2026-46417 SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-46417)
SSRF in @angular/platform-server (CVE-2026-46417). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerPlatformLocation``.
CVE-2026-46372 SSRF (Server-Side Request Forgery) in sillytavern (CVE-2026-46372)
SSRF in sillytavern (CVE-2026-46372). Confidential information can be exposed externally. Exploitable via `POST /api/search/searxng`. Mitigation: upgrade to `1.18.0` or later.
CVE-2026-45796 SSRF (Server-Side Request Forgery) in github.com/coder/coder/v2 (CVE-2026-45796)
SSRF in github.com/coder/coder/v2 (CVE-2026-45796). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v2/workspaceagents/azure-instance-identity`. Mitigation: upgrade to `2.24.5` or later.
CVE-2026-47358 Vulnerability in ssrf (CVE-2026-47358)
vulnerability in ssrf (CVE-2026-47358). Confidential information can be exposed externally.
CVE-2026-47356 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-47356)
SSRF in ssrf (CVE-2026-47356). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan`.
CVE-2026-47357 Vulnerability in ssrf (CVE-2026-47357)
vulnerability in ssrf (CVE-2026-47357). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan`.
CVE-2026-56348 SSRF (Server-Side Request Forgery) in n8n (CVE-2026-56348)
SSRF in n8n (CVE-2026-56348). Confidential information can be exposed externally. Exploitable via `POST /rest/dynamic-node-parameters/options`. Mitigation: upgrade to `2.20.0` or later.
CVE-2026-30118 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-30118)
SSRF in ssrf (CVE-2026-30118). Successful exploitation can lead to full system takeover.
CVE-2026-46391 Vulnerability in @haxtheweb/open-apis (CVE-2026-46391)
vulnerability in @haxtheweb/open-apis (CVE-2026-46391). Risk of unauthorized operations or information disclosure. Exploitable via ``cloudflared``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46393 SSRF (Server-Side Request Forgery) in @haxtheweb/haxcms-nodejs (CVE-2026-46393)
SSRF in @haxtheweb/haxcms-nodejs (CVE-2026-46393). Risk of unauthorized operations or information disclosure. Exploitable via `POST /createSite`. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-31910 SSRF (Server-Side Request Forgery) in apache (CVE-2026-31910)
SSRF in apache (CVE-2026-31910). Confidential information can be exposed externally.
CVE-2026-29226 SSRF (Server-Side Request Forgery) in apache (CVE-2026-29226)
SSRF in apache (CVE-2026-29226). Risk of unauthorized operations or information disclosure.
CVE-2026-33234 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-33234)
SSRF in ssrf (CVE-2026-33234). Risk of unauthorized operations or information disclosure.
CVE-2026-45245 SSRF (Server-Side Request Forgery) in @steipete/summarize (CVE-2026-45245)
SSRF in @steipete/summarize (CVE-2026-45245). Confidential information can be exposed externally. Mitigation: upgrade to `0.15.1` or later.
CVE-2026-45298 SSRF (Server-Side Request Forgery) in github.com/amir20/dozzle (CVE-2026-45298)
SSRF in github.com/amir20/dozzle (CVE-2026-45298). Confidential information can be exposed externally. Exploitable via `POST /api/notifications/test-webhook`.
CVE-2026-45660 SSRF (Server-Side Request Forgery) in statamic/cms (CVE-2026-45660)
SSRF in statamic/cms (CVE-2026-45660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.22` or later.
CVE-2026-33637 SSRF (Server-Side Request Forgery) in faraday (CVE-2026-33637)
SSRF in faraday (CVE-2026-33637). Risk of unauthorized operations or information disclosure. Exploitable via ``URI``. Mitigation: upgrade to `2.14.2` or later.
CVE-2026-45609 SSRF (Server-Side Request Forgery) in org.springaicommunity:mcp-client-security (CVE-2026-45609)
SSRF in org.springaicommunity:mcp-client-security (CVE-2026-45609). Risk of unauthorized operations or information disclosure. Exploitable via ``McpOAuth2ClientManager``. Mitigation: upgrade to `0.1.9` or later.
CVE-2026-6333 SSRF (Server-Side Request Forgery) in github.com/mattermost/mattermost/server/v8 (CVE-2026-6333)
SSRF in github.com/mattermost/mattermost/server/v8 (CVE-2026-6333). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `8.0.0-20260325160634-e738016c5920` or later.
CVE-2026-8768 SSRF (Server-Side Request Forgery) in vercel (CVE-2026-8768)
SSRF in vercel (CVE-2026-8768). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →