55979 matches found

RedhatCVE
added 2026/01/09 8:46 a.m. | 7 views

CVE-2025-23501

Cross-Site Request Forgery (CSRF) vulnerability in SpruceJoy Cookie Consent & Autoblock for GDPR/CCPA cookie-consent-autoblock allows Stored XSS. This issue affects Cookie Consent & Autoblock for GDPR/CCPA: from n/a through <= 1.0.1...

CVSS 7.1 | AI score 7.2 | EPSS 0.00195
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:46 a.m. | 7 views

CVE-2025-23510

Cross-Site Request Forgery (CSRF) vulnerability in Jan Štětina WordPress Logging Service wordpress-logging-service allows Stored XSS. This issue affects WordPress Logging Service: from n/a through <= 1.5.4...

CVSS 7.1 | AI score 7.2 | EPSS 0.00195
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:45 a.m. | 7 views

CVE-2022-38660

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user...

CVSS 8.8 | AI score 6.9 | EPSS 0.00282
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:45 a.m. | 9 views

CVE-2022-38342

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain an XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks...

CVSS 8.5 | AI score 7.2 | EPSS 0.00489
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:44 a.m. | 21 views

CVE-2022-23475

daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in...

CVSS 8.8 | AI score 5.7 | EPSS 0.00454
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:44 a.m. | 7 views

CVE-2022-23644

BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The...

CVSS 8.8 | AI score 6.8 | EPSS 0.00891
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:42 a.m. | 6 views

CVE-2022-31188

CVAT is an open source interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to URLs used in the affected code path in version 2.0.0. Users are advised to...

CVSS 9.8 | AI score 7 | EPSS 0.47846
Exploits: 4 | References: 1

RedhatCVE
added 2026/01/09 8:42 a.m. | 6 views

CVE-2022-31196

Databasir is a database metadata management platform. Databasir <= 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a single HTTP POST request to create a databaseType. By supplying a jdbcDriverFileUrl that returns a non 200 response code, the url is...

CVSS 7.6 | AI score 6.7 | EPSS 0.00786
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:41 a.m. | 5 views

CVE-2022-0768

Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2...

CVSS 9.1 | AI score 6.7 | EPSS 0.01617
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:41 a.m. | 7 views

CVE-2022-0215

The Login/Signup Popup, Waitlist Woocommerce Back in stock notifier, and Side Cart Woocommerce Ajax WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the savesettings function found in the /includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it...

CVSS 8.8 | AI score 6.7 | EPSS 0.0082
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 8:41 a.m. | 11 views

CVE-2022-0086

uppy is vulnerable to Server-Side Request Forgery (SSRF)...

CVSS 9.8 | AI score 6.7 | EPSS 0.01207
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:37 a.m. | 10 views

CVE-2019-11457

Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/...

CVSS 8.8 | AI score 6.8 | EPSS 0.01149
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 8:36 a.m. | 7 views

CVE-2020-7304

Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows an authenticated remote attacker to embed a CSRF script via adding a new label...

CVSS 7.6 | AI score 6.5 | EPSS 0.00487
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:33 a.m. | 3 views

CVE-2024-39687

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. At present, when Fedify needs to retrieve an object or activity from a remote ActivityPub server, it makes an HTTP request to the @id or other resources present within the activity it has...

CVSS 7.2 | AI score 7 | EPSS 0.006
Exploits: 0 | References: 1

NVD
added 2026/01/09 6:16 a.m. | 9 views

CVE-2025-13749

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcr_upm_change_flag" function. This makes it possible for...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 3

CVE
added 2026/01/09 5:25 a.m. | 26 views

CVE-2025-13749

CVE-2025-13749 was reported for Clearfy Cache – WordPress optimization plugin, affecting versions up to 2.4.0, due to missing nonce validation in wbcr_upm_change_flag that enables CSRF to tamper with update notifications. The connected Wordfence entry confirms the issue as a CSRF to Update Notifi...

CVSS 4.3 | AI score 4.9 | EPSS 0.00124
Exploits: 0 | References: 3

GithubExploit
added 2026/01/09 1:14 a.m. | 247 views

Exploit for CVE-2025-45955

CVE-2025-45955 🕳️ Server-Side Request Forgery in DonWeb Ferozo...

AI score 6.8
Exploits: 1

Snyk
added 2026/01/08 9:36 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: ghost is a publishing platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the media inliner component. An attacker can access internal resources by sending crafted requests through the API while authenticated as a staff user. Remediation: Upgra...

CVSS 5.1 | AI score 6.7 | EPSS 0.00265
Exploits: 0 | References: 2

Snyk
added 2026/01/08 8:57 p.m. | 3 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the improper origin checks of UI route submissions in server-side route action handlers in Framework Mode. An attacker can execute unauthorized actions by tricking a user into submitting a crafted...

CVSS 6.9 | AI score 6.8 | EPSS 0.00128
Exploits: 0 | References: 3

RedHat Linux
added 2026/01/08 4:53 p.m. | 11 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.3 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A...

CVSS 9.6 | AI score 7.6 | EPSS 0.0217
Exploits: 1 | References: 19