Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-918 Clear
ID Title
CVE-2026-54607 SSRF (Server-Side Request Forgery) in CVE-2026-54607 (CVE-2026-54607)
SSRF in CVE-2026-54607 (CVE-2026-54607). Confidential information can be exposed externally.
CVE-2026-59707 SSRF (Server-Side Request Forgery) in CVE-2026-59707 (CVE-2026-59707)
SSRF in CVE-2026-59707 (CVE-2026-59707). Confidential information can be exposed externally. Exploitable via `POST /models/apply`.
CVE-2026-58468 SSRF (Server-Side Request Forgery) in CVE-2026-58468 (CVE-2026-58468)
SSRF in CVE-2026-58468 (CVE-2026-58468). Risk of unauthorized operations or information disclosure.
CVE-2026-42147 SSRF (Server-Side Request Forgery) in CVE-2026-42147 (CVE-2026-42147)
SSRF in CVE-2026-42147 (CVE-2026-42147). Confidential information can be exposed externally.
CVE-2026-34170 SSRF (Server-Side Request Forgery) in CVE-2026-34170 (CVE-2026-34170)
SSRF in CVE-2026-34170 (CVE-2026-34170). Risk of unauthorized operations or information disclosure.
CVE-2026-57573 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57573)
SSRF in ssrf (CVE-2026-57573). Confidential information can be exposed externally. Exploitable via `POST /crawl/stream`.
CVE-2026-58404 SSRF (Server-Side Request Forgery) in gohugo (CVE-2026-58404)
SSRF in gohugo (CVE-2026-58404). Confidential information can be exposed externally. Mitigation: upgrade to `0.163.1` or later.
CVE-2025-53830 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-53830)
SSRF in ssrf (CVE-2025-53830). Successful exploitation can lead to full system takeover.
CVE-2025-53828 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-53828)
SSRF in ssrf (CVE-2025-53828). Successful exploitation can lead to full system takeover.
CVE-2026-48205 Vulnerability in apache (CVE-2026-48205)
vulnerability in apache (CVE-2026-48205). Confidential information can be exposed externally.
CVE-2026-55993 Vulnerability in apache (CVE-2026-55993)
vulnerability in apache (CVE-2026-55993). Confidential information can be exposed externally.
CVE-2026-55994 Vulnerability in apache (CVE-2026-55994)
vulnerability in apache (CVE-2026-55994). Confidential information can be exposed externally.
CVE-2026-46726 Vulnerability in apache (CVE-2026-46726)
vulnerability in apache (CVE-2026-46726). Confidential information can be exposed externally.
CVE-2026-48203 Vulnerability in apache (CVE-2026-48203)
vulnerability in apache (CVE-2026-48203). Confidential information can be exposed externally.
CVE-2026-14748 SSRF (Server-Side Request Forgery) in CVE-2026-14748 (CVE-2026-14748)
SSRF in CVE-2026-14748 (CVE-2026-14748). Risk of unauthorized operations or information disclosure.
CVE-2026-58278 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-58278)
SSRF in ssrf (CVE-2026-58278). Risk of unauthorized operations or information disclosure.
CVE-2026-57993 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57993)
SSRF in ssrf (CVE-2026-57993). Confidential information can be exposed externally.
CVE-2026-57987 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57987)
SSRF in ssrf (CVE-2026-57987). Confidential information can be exposed externally.
CVE-2026-58418 SSRF via HTTP Redirect in Repository Migration
SSRF via HTTP Redirect in Repository Migration
CVE-2026-22874 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-22874)
SSRF in ssrf (CVE-2026-22874). Confidential information can be exposed externally.
CVE-2026-10055 Information Disclosure in CVE-2026-10055 (CVE-2026-10055)
vulnerability in CVE-2026-10055 (CVE-2026-10055). Confidential information can be exposed externally.
CVE-2026-11397 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-11397)
SSRF in wordpress (CVE-2026-11397). Risk of unauthorized operations or information disclosure.
CVE-2026-57100 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57100)
SSRF in ssrf (CVE-2026-57100). Successful exploitation can lead to full system takeover.
CVE-2026-45499 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45499)
SSRF in ssrf (CVE-2026-45499). Successful exploitation can lead to full system takeover.
CVE-2026-59101 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-59101)
SSRF in ssrf (CVE-2026-59101). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/setup/test-downloader`.
CVE-2026-59095 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-59095)
SSRF in ssrf (CVE-2026-59095). Confidential information can be exposed externally.
CVE-2026-55115 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55115)
SSRF in ssrf (CVE-2026-55115). Successful exploitation can lead to full system takeover.
CVE-2026-55113 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55113)
SSRF in ssrf (CVE-2026-55113). Risk of unauthorized operations or information disclosure.
CVE-2026-54401 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54401)
SSRF in ssrf (CVE-2026-54401). Confidential information can be exposed externally.
CVE-2026-57681 Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions.
Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions.
CVE-2026-57348 Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.
Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.
CVE-2026-54430 SSRF (Server-Side Request Forgery) in CVE-2026-54430 (CVE-2026-54430)
SSRF in CVE-2026-54430 (CVE-2026-54430). Risk of unauthorized operations or information disclosure.
CVE-2026-14336 SSRF (Server-Side Request Forgery) in CVE-2026-14336 (CVE-2026-14336)
SSRF in CVE-2026-14336 (CVE-2026-14336). Data can be tampered with by attackers. Exploitable via `POST /v1/upload/sbom`.
CVE-2026-44936 SSRF (Server-Side Request Forgery) in github.com/rancher/fleet (CVE-2026-44936)
SSRF in github.com/rancher/fleet (CVE-2026-44936). Risk of unauthorized operations or information disclosure. Exploitable via ``helmRepoURLRegex``. Mitigation: upgrade to `0.12.15` or later.
CVE-2026-44937 SSRF (Server-Side Request Forgery) in github.com/rancher/fleet (CVE-2026-44937)
SSRF in github.com/rancher/fleet (CVE-2026-44937). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.12.15` or later.
CVE-2026-24242 SSRF (Server-Side Request Forgery) in nvidia (CVE-2026-24242)
SSRF in nvidia (CVE-2026-24242). Successful exploitation can lead to full system takeover.
CVE-2026-13603 Vulnerability in CVE-2026-13603 (CVE-2026-13603)
vulnerability in CVE-2026-13603 (CVE-2026-13603). Risk of unauthorized operations or information disclosure.
CVE-2026-56399 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-56399)
SSRF in ssrf (CVE-2026-56399). Risk of unauthorized operations or information disclosure.
CVE-2025-36324 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-36324)
SSRF in ssrf (CVE-2025-36324). Risk of unauthorized operations or information disclosure.
CVE-2026-10564 SSRF (Server-Side Request Forgery) in c (CVE-2026-10564)
SSRF in c (CVE-2026-10564). Confidential information can be exposed externally.
CVE-2026-13773 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-13773)
SSRF in ssrf (CVE-2026-13773). Risk of unauthorized operations or information disclosure.
CVE-2026-10546 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-10546)
SSRF in ssrf (CVE-2026-10546). Confidential information can be exposed externally.
CVE-2026-11714 SSRF (Server-Side Request Forgery) in ibm (CVE-2026-11714)
SSRF in ibm (CVE-2026-11714). Confidential information can be exposed externally.
CVE-2026-11546 SSRF (Server-Side Request Forgery) in ibm (CVE-2026-11546)
SSRF in ibm (CVE-2026-11546). Risk of unauthorized operations or information disclosure.
CVE-2026-10129 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-10129)
SSRF in ssrf (CVE-2026-10129). Confidential information can be exposed externally.
CVE-2026-48285 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48285)
SSRF in ssrf (CVE-2026-48285). Confidential information can be exposed externally.
CVE-2026-13316 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-13316)
SSRF in ssrf (CVE-2026-13316). Confidential information can be exposed externally.
CVE-2026-57947 Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
CVE-2026-56285 Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
CVE-2026-13751 Vulnerability in snowflake (CVE-2026-13751)
vulnerability in snowflake (CVE-2026-13751). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →