Server-side request forgery vulnerabilities
Server-side request forgery tricks a server into making requests on the attacker’s behalf — reaching internal services, cloud metadata endpoints, or admin APIs that are unreachable from outside. In cloud environments SSRF is a credential-theft primitive, and it chains naturally with other bugs into full compromise.
Classification is assigned by the CSIRTS enrichment pipeline from the advisory text. The list below shows the latest advisories tagged server-side request forgery, newest first, across national CERTs, vendor PSIRTs and vulnerability databases — exploited marks CVEs in the CISA KEV catalog.