
386 matches found

OSV
added 2025/08/04 11:15 p.m. | 3 views

CVE-2025-8529

A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favorites/web/CollectController.java. The manipulation of the argument url leads to server-side request...

CVSS 5.3 | AI score 5.4 | EPSS 0.002
Exploits: 0 | References: 5

RedhatCVE
added 2025/07/30 5:27 a.m. | 7 views

CVE-2025-8267

Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craf...

CVSS 8.8 | AI score 6.5 | EPSS 0.00116
Exploits: 1 | References: 1

CNVD
added 2025/07/23 12:00 a.m. | 1 view

WordPress FluentSnippets Cross-Site Request Forgery Vulnerability

WordPress FluentSnippets is an open source project, mainly used by WordPress developers to create custom theme function code snippets. WordPress FluentSnippets suffers from a cross-site request forgery vulnerability that stems from the web application not adequately verifying that a...

CVSS 9.6 | AI score 7.1 | EPSS 0.00094
Exploits: 0 | References: 1

CNNVD
added 2025/07/23 12:00 a.m. | 1 view

WordPress plugin Omnishop Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site reques...

CVSS 6.5 | AI score 6.4 | EPSS 0.00062
Exploits: 0 | References: 2

CNNVD
added 2025/07/22 12:00 a.m. | 1 view

Mozilla Multiple Products Data Forgery Vulnerability

Mozilla Firefox and Mozilla Thunderbird are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open-source Web browser. Mozilla Thunderbird is a separate set of Mozilla Application Suite Email client software. The software supports IMAP and POP mail protocols as well as the...

CVSS 9.8 | AI score 6.2 | EPSS 0.00195
Exploits: 0 | References: 7

CVE
added 2025/07/21 12:00 a.m. | 22 views

CVE-2025-36845

CVE-2025-36845 affects Eveo URVE Web Manager 27.02.2025. A server-side request forgery exists in /_internal/redirect.php due to improper validation of the URL input, enabling the app server to request internal endpoints and reflect content in the response. The Nuclei template confirms the SSRF pa...

CVSS 8.6 | AI score 7.1 | EPSS 0.05801
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/07/20 2:42 p.m. | 3 views

CVE-2025-46385

CWE-918 Server-Side Request Forgery (SSRF)...

CVSS 8.6 | AI score 6.6 | EPSS 0.00229
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/18 11:54 a.m. | 5 views

CVE-2024-9408

In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints...

CVSS 9.8 | AI score 6.5 | EPSS 0.00298
Exploits: 0 | References: 1

Cvelist
added 2025/07/16 11:15 a.m. | 11 views

CVE-2024-9408

In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints...

CVSS 8.9 | EPSS 0.00298
Exploits: 0 | References: 1

CVE
added 2025/07/16 10:36 a.m. | 14 views

CVE-2025-54035

The CVE-2025-54035 issue is a CSRF vulnerability in Tribulant Software Newsletters (WordPress plugin), affecting versions up to 4.10. The public record notes CSRF exposure enabling unauthorized actions by authenticated users. Remediation per multiple sources is to update to a version later than 4...

CVSS 4.3 | AI score 5.9 | EPSS 0.00084
Exploits: 0 | References: 1

CNNVD
added 2025/07/09 12:00 a.m. | 1 view

Official Clerk JavaScript SDKs Data Forgery Vulnerability

Official Clerk JavaScript SDKs is Clerk's official open source JavaScript repository for Clerk authentication. A data forgery vulnerability exists in the Official Clerk JavaScript SDKs, which stems from insufficient verifyWebhook validation and may result in the acceptance of unsigned webhook...

CVSS 7.5 | AI score 6.6 | EPSS 0.00128
Exploits: 0 | References: 1

Cvelist
added 2025/07/08 8:49 p.m. | 4 views

CVE-2025-49545 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation...

CVSS 6.2 | EPSS 0.00167
Exploits: 0 | References: 1

CVE
added 2025/07/07 4:52 a.m. | 16 views

CVE-2025-53473

CVE-2025-53473 is a server-side request forgery (SSRF) vulnerability reported in Nimesa Backup and Recovery. Public sources identify multiple affected branches and versions, including prior to v3.0.2025062305, v2.3, and v2.4, with the risk of unintended requests being sent to internal serv...

CVSS 7.3 | AI score 7.4 | EPSS 0.00226
Exploits: 0 | References: 2

Vulnrichment
added 2025/07/07 1:32 a.m. | 4 views

CVE-2025-7103 BoyunCMS curl Index.php server-side request forgery

A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The...

CVSS 6.5 | AI score 7.1 | EPSS 0.0018
Exploits: 0 | References: 4

Patchstack
added 2025/06/27 2:57 p.m. | 11 views

WordPress RSS Digest plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by johska in WordPress Plugin RSS Digest versions <= 1.5...

CVSS 7.1 | AI score 6.6 | EPSS 0.0008
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/06/27 2:55 p.m. | 3 views

WordPress Relocate Upload plugin <= 0.24.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Relocate Upload versions <= 0.24.1...

CVSS 7.1 | AI score 6.7 | EPSS 0.0008
Exploits: 0 | Affected Software: 1

CVE
added 2025/06/27 1:21 p.m. | 17 views

CVE-2025-53327

CVE-2025-53327: CSRF vulnerability in WordPress plugin Aioseo Multibyte Descriptions (versions

CVSS 4.3 | AI score 5.9 | EPSS 0.00084
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/27 1:21 p.m. | 3 views

CVE-2025-53269 WordPress My Wp Brand plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in imw3 My Wp Brand my-wp-brand allows Cross Site Request Forgery. This issue affects My Wp Brand: from n/a through <= 1.1.3...

CVSS 4.3 | AI score 5.9 | EPSS 0.00084
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/27 1:21 p.m. | 2 views

CVE-2025-53264 WordPress ONet Regenerate Thumbnails plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Konrád Koller ONet Regenerate Thumbnails allows Cross Site Request Forgery. This issue affects ONet Regenerate Thumbnails: from n/a through 1.5...

CVSS 4.3 | AI score 7.2 | EPSS 0.00084
Exploits: 0 | References: 1

CVE
added 2025/06/27 1:21 p.m. | 15 views

CVE-2025-53265

CVE-2025-53265 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Virusdie WordPress plugin, affecting versions ≤ 1.1.3. The issue could allow unauthorized actions via CSRF, with CVSS v3.1 base score 5.4 (I/L/A). The connected sources indicate the vulnerability exists in Virusdie ...

CVSS 5.4 | AI score 5.9 | EPSS 0.00084
Exploits: 0 | References: 1