CWE-918: Server-Side Request Forgery (SSRF) — known CVE vulnerabilities
CVEs classified under CWE-918 (Server-Side Request Forgery (SSRF)), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-47938 — CVSS 10.0 (critical): Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that…
CVE-2026-35431 — CVSS 10.0 (critical): Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a…
CVE-2026-32186 — CVSS 10.0 (critical): Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33107 — CVSS 10.0 (critical): Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-32871 — CVSS 10.0 (critical): FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to…
CVE-2026-32169 — CVSS 10.0 (critical): Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-59503 — CVSS 10.0 (critical): Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-54122 — CVSS 10.0 (critical): Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been…
CVE-2025-2828 — CVSS 10.0 (critical): A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package…
CVE-2024-42467 — CVSS 10.0 (critical): openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version…
CVE-2023-43654 — CVSS 10.0 (critical): TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation…
CVE-2023-39967 — CVSS 10.0 (critical): WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration…
CVE-2022-21215 — CVSS 10.0 (critical): This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are…
CVE-2021-27329 — CVSS 10.0 (critical): Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.
CVE-2019-16932 — CVSS 10.0 (critical): A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
CVE-2019-13020 — CVSS 10.0 (critical): The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a…
CVE-2019-12153 — CVSS 10.0 (critical): Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or…
CVE-2019-9174 — CVSS 10.0 (critical): An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It…
CVE-2019-10686 — CVSS 10.0 (critical): An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or…
CVE-2018-18843 — CVSS 10.0 (critical): The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.
CVE-2018-19047 — CVSS 10.0 (critical): mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img…
CVE-2018-10511 — CVSS 10.0 (critical): A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery…
CVE-2017-11291 — CVSS 10.0 (critical): An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could…
CVE-2017-12905 — CVSS 10.0 (critical): Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or…
CVE-2017-8794 — CVSS 10.0 (critical): An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs)…
CVE-2026-57100 — CVSS 9.9 (critical): Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges…
CVE-2026-45499 — CVSS 9.9 (critical): Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
CVE-2026-55115 — CVSS 9.9 (critical): A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect…
CVE-2026-43986 — CVSS 9.9 (critical): Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/<hash>`…
CVE-2026-9813 — CVSS 9.9 (critical): FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality…
CVE-2026-40089 — CVSS 9.9 (critical): Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a…
CVE-2026-26137 — CVSS 9.9 (critical): Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.
CVE-2025-54381 — CVSS 9.9 (critical): BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19…
CVE-2025-29972 — CVSS 9.9 (critical): Server-side request forgery (ssrf) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network.
CVE-2024-6784 — CVSS 9.9 (critical): Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended…
CVE-2023-3744 — CVSS 9.9 (critical): Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests…
CVE-2023-27586 — CVSS 9.9 (critical): CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when…
CVE-2021-33690 — CVSS 9.9 (critical): Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service…
CVE-2026-30118 — CVSS 9.8 (critical): scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy…
CVE-2026-43995 — CVSS 9.8 (critical): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations…