27 matches found
WordPress Prime Slider - Addons For Elementor plugin server-side request forgery vulnerability
WordPress Prime Slider - Addons For Elementor plugin is a free plugin for Elementor page builder designed to help users easily create various interactive responsive sliders. The WordPress Prime Slider - Addons For Elementor plugin suffers from a server-side request forgery vulnerability, which...
CVE-2025-59088
CVE-2025-59088 (python-kdcproxy) is an SSRF issue in kdcproxy where, if a realm lacks defined server addresses, the service queries DNS SRV records for that realm, potentially directing requests to attacker-controlled hosts/ports. The vulnerability is triggered when use_dns is enabled; an attacke...
Apache Kylin server-side request forgery vulnerability (CNVD-2025-30839)
Apache Kylin is an open source distributed analytical data warehouse from the Apache Foundation of the United States. The product mainly provides a SQL query interface on top of Hadoop/Spark, multidimensional analysis (OLAP), and other functions. A server-side request forgery vulnerability exist...
WordPress Plugin Captcha.eu Server-Side Request Forgery Attack Vulnerability
WordPress Plugin Captcha.eu is a CAPTCHA plugin for the WordPress platform, which is mainly used to prevent bots from attacking and is also compliant with the General Data Protection Regulation (GDPR). WordPress Plugin Captcha.eu suffers from a server-side request forgery attack vulnerability that stem...
WordPress Plugin Captcha.eu Security Vulnerability
WordPress Plugin Captcha.eu is a CAPTCHA plugin for the WordPress platform, which is mainly used to prevent bots from attacking and is also compliant with the General Data Protection Regulation (GDPR). WordPress Plugin Captcha.eu suffers from a server-side request forgery attack vulnerability that stem...
WordPress plugin Pz-LinkCard Security Vulnerability
WordPress Pz-LinkCard plugin is a WordPress plugin that is mainly used to display links in the form of cards, support custom display of external and internal links, and optimize social sharing and other features. WordPress Pz-LinkCard plugin suffers from a server-side request forgery vulnerabilit...
Xi'an Zhongbang Network Technology Co. CRMEB server-side request forgery vulnerability
CRMEB is a Java mall system. A server-side request forgery vulnerability exists in CRMEB 5.6.1 and previous versions. The vulnerability stems from the parameter pushtokenurl in the file app/services/out/OutAccountServices.php not implementing a sufficient authentication mechanism to confirm the source of the...
CRMEB Code Issue Vulnerability
CRMEB is a Java mall system. A server-side request forgery vulnerability exists in CRMEB 5.6.1 and previous versions. The vulnerability stems from the parameter pushtokenurl in the file app/services/out/OutAccountServices.php not implementing a sufficient authentication mechanism to confirm the source of the...
Unmark Code Issue Vulnerability
Unmark is an open source to-do list application for bookmarking. A code issue vulnerability exists in Unmark 1.9.3 and earlier versions, which stems from incorrect manipulation of the parameter url in the file /application/controllers/Marks.php, which could lead to server-side request forgery. An...
ChanCMS Server-Side Request Forgery Vulnerability
ChanCMS is a content management system. A server-side request forgery vulnerability exists in ChanCMS version 3.3.0. The vulnerability stems from the parameter taskUrl of the function CollectController in the file /cms/collect/getArticle not implementing a sufficient validation mechanism to...
ChanCMS Code Issue Vulnerability
ChanCMS is a content management system. A server-side request forgery vulnerability exists in ChanCMS version 3.3.0. The vulnerability stems from the parameter taskUrl of the function CollectController in the file /cms/collect/getArticle not implementing a sufficient validation mechanism to...
WordPress B Slider plugin server-side request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress B Slider plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function not implementing an adequate validation mechanis...
WordPress plugin Auto Upload Images Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress Auto Upload Images plugin that stems from the server not implementing an adequate authentication mechanism to confirm the orig...
Esri Portal For ArcGIS Cross-Site Request Forgery Vulnerability
Esri Portal For ArcGIS is a core component of ArcGIS Enterprise that is used to share maps, scenes, applications, and geographic information within an organization, enabling centralized management of and access to the content through a web site. A cross-site request forgery vulnerability exists i...
Esri Portal For ArcGIS Code Issue Vulnerability
Esri Portal For ArcGIS is a core component of ArcGIS Enterprise that is used to share maps, scenes, applications, and geographic information within an organization, enabling centralized management of and access to the content through a web site. A cross-site request forgery vulnerability exists i...
SAP CRM and SAP S/4HANA Code Issue Vulnerability
SAP CRM and SAP S/4HANA are both products of SAP. SAP CRM is a customer relationship management system, and SAP S/4HANA is enterprise resource management software based on the SAP HANA in-memory database system. SAP CRM and SAP S/4HANA suffer from a server-side request forgery vulnerability, which stems fr...
QNAP Systems QNAP Notes Station Security Vulnerability
QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. A server-side request forgery vulnerability exists in QNAP Notes Station 3. The vulnerability stems from th...
Apache IoTDB Code Issue Vulnerability
Apache IoTDB is an integrated data management engine designed for time-series data from the Apache Foundation of the United States, which provides data collection, storage, and analysis services, among other things. Apache IoTDB suffers from a server-side request forgery vulnerability that stems from the product'...
MyBB Security Vulnerability
MyBB (MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A server request forgery vulnerability exists in MyBB versions prior to 1.8.38, which stems from the...
WordPress plugin All in One SEO Pro Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A server-side request forge...