
55988 matches found

Vulnrichment
added 2026/01/05 12:0 a.m. | 2 views

CVE-2025-67427

A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits...

AI score 6.8 | EPSS 0.00175
Exploits: 0 | References: 2
CNNVD
added 2026/01/05 12:0 a.m. | 9 views

WordPress plugin WP Job Manager cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...

CVSS 5.4 | AI score 8.5 | EPSS 0.00109
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/05 12:0 a.m. | 5 views

PT-2026-1294

Name of the Vulnerable Software and Affected Versions: Employee Leave Management System version 2.1. Description: A Cross Site Request Forgery issue exists in Employee Leave Management System version 2.1. A remote attacker can potentially escalate privileges through the manage-employee.php component...

CVSS 5.4 | AI score 5.9 | EPSS 0.0007
Exploits: 0 | References: 7
Cvelist
added 2026/01/05 12:0 a.m. | 22 views

CVE-2025-67315

...

EPSS 0.0007
Exploits: 0
Positive Technologies
added 2026/01/05 12:0 a.m. | 7 views

PT-2026-1344

Name of the Vulnerable Software and Affected Versions: Craft versions 5.0.0-RC1 through 5.8.20; Craft versions 4.0.0-RC1 through 4.16.16. Description: Craft is a platform for creating digital experiences. The GraphQL save Asset mutation is susceptible to Server-Side Request Forgery (SSRF). The issue...

CVSS 6.8 | AI score 6.9 | EPSS 0.00427
Exploits: 1 | References: 14
RedhatCVE
added 2026/01/03 7:53 p.m. | 7 views

CVE-2026-21433

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

CVSS 7.7 | AI score 7.1 | EPSS 0.00274
Exploits: 1 | References: 1
Vulnrichment
added 2026/01/02 7:0 p.m. | 4 views

CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF)

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

CVSS 7.7 | AI score 6.7 | EPSS 0.00274
Exploits: 1 | References: 1
Cvelist
added 2026/01/02 7:0 p.m. | 28 views

CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF)

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

CVSS 7.7 | EPSS 0.00274
Exploits: 1 | References: 1
OSV
added 2026/01/02 7:0 p.m. | 7 views

CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF)

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

CVSS 7.7 | AI score 7 | EPSS 0.00274
Exploits: 1 | References: 3
Positive Technologies
added 2026/01/02 12:0 a.m. | 5 views

PT-2026-1120

Name of the Vulnerable Software and Affected Versions: Emlog versions up to and including 2.5.19. Description: Emlog is vulnerable to server-side Out-of-Band (OOB) requests and Server-Side Request Forgery (SSRF) through the handling of uploaded SVG files. An attacker can upload a specially crafted SVG...

CVSS 7.7 | AI score 6.5 | EPSS 0.00274
Exploits: 1 | References: 6
CNNVD
added 2026/01/02 12:0 a.m. | 6 views

emlog code issue vulnerability

emlog is an open source CMS site building system from emlog, based on PHP and MySQL. A code issue vulnerability exists in Emlog 2.5.19 and prior versions, which stems from an out-of-band server-side request or a server-side request forgery by uploading an SVG file that could lead to probing the...

CVSS 7.7 | AI score 6.8 | EPSS 0.00274
Exploits: 1 | References: 2
NVD
added 2026/01/01 6:15 p.m. | 5 views

CVE-2026-21428

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the writeheaders function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to escape header lines. This vulnerability allows attackers to add...

CVSS 8.7 | EPSS 0.00372
Exploits: 1 | References: 3
RedhatCVE
added 2026/01/01 5:33 p.m. | 8 views

CVE-2025-59138

Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy genemy allows Server Side Request Forgery. This issue affects Genemy: from n/a through <= 1.6.6...

CVSS 4.9 | AI score 5.9 | EPSS 0.00151
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/01 5:33 p.m. | 6 views

CVE-2025-62101

Cross-Site Request Forgery (CSRF) vulnerability in Omid Shamloo Pardakht Delkhah pardakht-delkhah allows Cross Site Request Forgery. This issue affects Pardakht Delkhah: from n/a through <= 3.0.0...

CVSS 4.3 | AI score 5.9 | EPSS 0.00124
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/01 4:27 p.m. | 3 views

CVE-2025-63040

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery. This issue affects Post Snippets: from n/a through <= 4.0.11...

CVSS 4.3 | AI score 5.9 | EPSS 0.001
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/01 4:26 p.m. | 6 views

CVE-2025-62123

Cross-Site Request Forgery (CSRF) vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Cross Site Request Forgery. This issue affects WP Gmail SMTP: from n/a through <= 1.0.7...

CVSS 4.3 | AI score 5.9 | EPSS 0.00124
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/01 4:26 p.m. | 11 views

CVE-2025-62089

Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Cross Site Request Forgery. This issue affects Mergado Pack: from n/a through <= 4.2.1...

CVSS 4.3 | AI score 5.9 | EPSS 0.001
Exploits: 0 | References: 1
CVE
added 2026/01/01 4:19 p.m. | 23 views

CVE-2025-14627

CVE-2025-14627 affects the WP Import – Ultimate CSV XML Importer for WordPress plugin (up to version 7.35). Wordfence reports an SSRF vulnerability: Bitly shortlinks are unrevalidated after unshortening in upload_function(), allowing authenticated attackers with Contributor+ to force the server t...

CVSS 6.4 | AI score 5.5 | EPSS 0.00237
Exploits: 0 | References: 4
Cvelist
added 2026/01/01 3:2 p.m. | 23 views

CVE-2025-15405 PHPEMS cross-site request forgery

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely...

CVSS 5.3 | EPSS 0.00211
Exploits: 1 | References: 4
RedhatCVE
added 2026/01/01 9:12 a.m. | 6 views

CVE-2025-62992

Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup everest-backup allows Path Traversal. This issue affects Everest Backup: from n/a through <= 2.3.11...

CVSS 8.1 | AI score 5.9 | EPSS 0.00174
Exploits: 0 | References: 1