CVE Database

11+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS

11 results for "CWE-918"

CVE-2026-13150

Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the …

Jun 24, 2026
CVE-2026-49093
6.3 MEDIUM

Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server …

May 28, 2026
CVE-2026-42398
7.7 HIGH

Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with …

May 28, 2026
CVE-2025-54925
7.5 HIGH

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious …

Aug 20, 2025
CVE-2025-54924
7.5 HIGH

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a …

Aug 20, 2025
CVE-2024-39954
6.3 MEDIUM

CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read …

Aug 20, 2025
CVE-2025-46385
8.6 HIGH

CWE-918 Server-Side Request Forgery (SSRF)

Jul 20, 2025
CVE-2025-50125

A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge …

Jul 11, 2025
CVE-2023-48786
4.3 MEDIUM

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests …

Jun 10, 2025
CVE-2024-37359
8.6 HIGH

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently …

Feb 19, 2025
CVE-2024-27775
7.2 HIGH

SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash

Mar 28, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.