Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-918 Clear
ID Title
CVE-2026-59702 SSRF (Server-Side Request Forgery) in CVE-2026-59702 (CVE-2026-59702)
SSRF in CVE-2026-59702 (CVE-2026-59702). Confidential information can be exposed externally. Exploitable via `POST /api/pack`.
CVE-2025-53830 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-53830)
SSRF in ssrf (CVE-2025-53830). Successful exploitation can lead to full system takeover.
CVE-2026-48205 Vulnerability in apache (CVE-2026-48205)
vulnerability in apache (CVE-2026-48205). Confidential information can be exposed externally.
CVE-2026-48203 Vulnerability in apache (CVE-2026-48203)
vulnerability in apache (CVE-2026-48203). Confidential information can be exposed externally.
CVE-2026-22874 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-22874)
SSRF in ssrf (CVE-2026-22874). Confidential information can be exposed externally.
CVE-2026-57100 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57100)
SSRF in ssrf (CVE-2026-57100). Successful exploitation can lead to full system takeover.
CVE-2026-45499 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45499)
SSRF in ssrf (CVE-2026-45499). Successful exploitation can lead to full system takeover.
CVE-2026-55115 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55115)
SSRF in ssrf (CVE-2026-55115). Successful exploitation can lead to full system takeover.
CVE-2026-49869 OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-55455 SSRF (Server-Side Request Forgery) in appsmith (CVE-2026-55455)
SSRF in appsmith (CVE-2026-55455). Confidential information can be exposed externally. Mitigation: upgrade to `2.1` or later.
CVE-2026-54157 SSRF (Server-Side Request Forgery) in @lobehub/lobehub (CVE-2026-54157)
SSRF in @lobehub/lobehub (CVE-2026-54157). Confidential information can be exposed externally. Exploitable via `POST /webapi/proxy`. Mitigation: upgrade to `2.1.57` or later.
CVE-2026-50887 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50887)
SSRF in ssrf (CVE-2026-50887). Confidential information can be exposed externally.
CVE-2026-47938 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-47938)
SSRF in ssrf (CVE-2026-47938). Successful exploitation can lead to full system takeover.
CVE-2026-43986 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43986)
SSRF in ssrf (CVE-2026-43986). Confidential information can be exposed externally. Exploitable via ``image_hash_lookup``.
CVE-2026-9813 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9813)
SSRF in ssrf (CVE-2026-9813). Successful exploitation can lead to full system takeover.
CVE-2026-56348 SSRF (Server-Side Request Forgery) in n8n (CVE-2026-56348)
SSRF in n8n (CVE-2026-56348). Confidential information can be exposed externally. Exploitable via `POST /rest/dynamic-node-parameters/options`. Mitigation: upgrade to `2.20.0` or later.
CVE-2026-30118 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-30118)
SSRF in ssrf (CVE-2026-30118). Successful exploitation can lead to full system takeover.
CVE-2026-42596 SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42596)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42596). Confidential information can be exposed externally. Exploitable via `POST /upload`. Mitigation: upgrade to `8.32.0` or later.
CVE-2026-42864 Vulnerability in firefighter-incident (CVE-2026-42864)
vulnerability in firefighter-incident (CVE-2026-42864). Confidential information can be exposed externally. Exploitable via `POST /api/v2/firefighter/raid/jira_bot`. Mitigation: upgrade to `0.0.54` or later.
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
CVE-2026-44694 Vulnerability in n8n-mcp (CVE-2026-44694)
vulnerability in n8n-mcp (CVE-2026-44694). Confidential information can be exposed externally. Exploitable via ``N8N_API_URL``. Mitigation: upgrade to `2.50.2` or later.
CVE-2026-44335 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44335)
SSRF in ssrf (CVE-2026-44335). Successful exploitation can lead to full system takeover. Exploitable via ``requests``. Mitigation: upgrade to `>= 1.6.32` or later.
CVE-2026-8034 Vulnerability in ssrf (CVE-2026-8034)
vulnerability in ssrf (CVE-2026-8034). Successful exploitation can lead to full system takeover.
CVE-2026-34084 Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
CVE-2026-43995 SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)
SSRF in flowise (CVE-2026-43995). Successful exploitation can lead to full system takeover. Exploitable via ``httpSecurity.ts``. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-40089 SSRF (Server-Side Request Forgery) in c (CVE-2026-40089)
SSRF in c (CVE-2026-40089). Confidential information can be exposed externally.
CVE-2025-62718 Vulnerability in axios (CVE-2025-62718)
vulnerability in axios (CVE-2025-62718). Confidential information can be exposed externally. Exploitable via ``NO_PROXY``. Mitigation: upgrade to `0.31.0` or later.
CVE-2026-31017 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-31017)
SSRF in ssrf (CVE-2026-31017). Confidential information can be exposed externally.
CVE-2026-32871 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-32871)
SSRF in ssrf (CVE-2026-32871). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
CVE-2025-11242 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-11242)
SSRF in ssrf (CVE-2025-11242). Successful exploitation can lead to full system takeover.
CVE-2025-25785 SSRF (Server-Side Request Forgery) in c (CVE-2025-25785)
SSRF in c (CVE-2025-25785). Confidential information can be exposed externally.
CVE-2024-55875 Information Disclosure in org.http4k:http4k-format-xml (CVE-2024-55875)
vulnerability in org.http4k:http4k-format-xml (CVE-2024-55875). Successful exploitation can lead to full system takeover. Exploitable via ``DocumentBuilderFactory``. Mitigation: upgrade to `6.50.0.0` or later.
CVE-2024-25294 SSRF (Server-Side Request Forgery) in ssrf (CVE-2024-25294)
SSRF in ssrf (CVE-2024-25294). Confidential information can be exposed externally.
CVE-2023-41449 SSRF (Server-Side Request Forgery) in phpkobo (CVE-2023-41449)
SSRF in phpkobo (CVE-2023-41449). Successful exploitation can lead to full system takeover.
CVE-2023-35175 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-35175)
SSRF in ssrf (CVE-2023-35175). Successful exploitation can lead to full system takeover.
CVE-2023-27162 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27162)
SSRF in ssrf (CVE-2023-27162). Confidential information can be exposed externally.
CVE-2023-1725 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-1725)
SSRF in ssrf (CVE-2023-1725). Successful exploitation can lead to full system takeover.
CVE-2022-40842 SSRF (Server-Side Request Forgery) in ssrf (CVE-2022-40842)
SSRF in ssrf (CVE-2022-40842). Confidential information can be exposed externally.
CVE-2022-38580 Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
CVE-2020-25466 SSRF (Server-Side Request Forgery) in ssrf (CVE-2020-25466)
SSRF in ssrf (CVE-2020-25466). Successful exploitation can lead to full system takeover.
CVE-2021-42637 SSRF (Server-Side Request Forgery) in ssrf (CVE-2021-42637)
SSRF in ssrf (CVE-2021-42637). Successful exploitation can lead to full system takeover.
CVE-2017-17674 SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-17674)
SSRF in ssrf (CVE-2017-17674). Successful exploitation can lead to full system takeover.
CVE-2017-11291 SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-11291)
SSRF in ssrf (CVE-2017-11291). Confidential information can be exposed externally.
CVE-2017-0907 SSRF (Server-Side Request Forgery) in csharp (CVE-2017-0907)
SSRF in csharp (CVE-2017-0907). Successful exploitation can lead to full system takeover.
CVE-2017-0905 SSRF (Server-Side Request Forgery) in recurly (CVE-2017-0905)
SSRF in recurly (CVE-2017-0905). Successful exploitation can lead to full system takeover.
CVE-2017-0889 SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-0889)
SSRF in ssrf (CVE-2017-0889). Successful exploitation can lead to full system takeover.
CVE-2017-0906 SSRF (Server-Side Request Forgery) in recurly (CVE-2017-0906)
SSRF in recurly (CVE-2017-0906). Successful exploitation can lead to full system takeover.
CVE-2017-12905 SSRF (Server-Side Request Forgery) in vebto (CVE-2017-12905)
SSRF in vebto (CVE-2017-12905). Successful exploitation can lead to full system takeover.
CVE-2017-9458 XXE (XML External Entity) in ssrf (CVE-2017-9458)
vulnerability in ssrf (CVE-2017-9458). Successful exploitation can lead to full system takeover.
CVE-2017-8794 SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-8794)
SSRF in ssrf (CVE-2017-8794). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →