55992 matches found

Positive Technologies
added 2025/12/30 12:0 a.m., 5 views

PT-2025-53902

Name of the Vulnerable Software and Affected Versions: Ays Pro Popup box versions through 6.0.7. Description: A Cross-Site Request Forgery issue exists in Ays Pro Popup box. This allows attackers to perform actions on behalf of an unsuspecting user. The issue affects the Popup box component...

6.5 AI score, 0.00101 EPSS
Exploits: 0, References: 3

OSV
added 2025/12/29 8:15 p.m., 5 views

CVE-2024-25181

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file...

9.1 CVSS, 7.1 AI score
Exploits: 0, References: 1

NVD
added 2025/12/29 4:15 p.m., 10 views

CVE-2025-68893

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker wp-image-shrinker allows Server Side Request Forgery. This issue affects WordPress Image shrinker: from n/a through <= 1.1.0...

4.9 CVSS, 0.00119 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/12/29 3:56 p.m., 27 views

CVE-2025-68893 WordPress WordPress Image shrinker plugin <= 1.1.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker wp-image-shrinker allows Server Side Request Forgery. This issue affects WordPress Image shrinker: from n/a through <= 1.1.0...

4.9 CVSS, 0.00119 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/12/29 3:55 p.m., 5 views

CVE-2025-69206 Hemmelig has SSRF Filter bypass in Secret Request functionality

Hemmelig is a messaging app with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private ...

4.3 CVSS, 6.3 AI score, 0.0019 EPSS
Exploits: 1, References: 2

CNVD
added 2025/12/29 12:0 a.m., 3 views

Orangescrum Elevation of Privilege Vulnerability

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from an elevation of privilege vulnerability, which stems from the application's failure to effectively verify the source of requests ...

8.8 CVSS, 7 AI score, 0.0042 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2025/12/29 12:0 a.m., 2 views

CVE-2024-30855

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtmllistaction.php...

6.9 AI score, 0.00193 EPSS
Exploits: 1, References: 2

CNNVD
added 2025/12/29 12:0 a.m., 4 views

WordPress plugin WordPress Image shrinker code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

4.9 CVSS, 5.9 AI score, 0.00119 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/12/29 12:0 a.m., 5 views

PT-2025-53754

Name of the Vulnerable Software and Affected Versions: Hemmelig versions prior to 7.3.3. Description: A Server-Side Request Forgery (SSRF) filter bypass exists in the webhook URL validation of the Secret Requests feature in Hemmelig, a messaging app with client-side encryption and self-destructing...

4.3 CVSS, 6.4 AI score, 0.0019 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2025/12/29 12:0 a.m., 6 views

PT-2025-53751

Name of the Vulnerable Software and Affected Versions: HETWORKS WordPress Image shrinker versions through 1.1.0. Description: The WordPress Image shrinker plugin contains a Server-Side Request Forgery (SSRF) flaw. This allows for Server Side Request Forgery. Recommendations: Update HETWORKS WordPress...

4.9 CVSS, 6.6 AI score, 0.00119 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/12/29 12:0 a.m., 21 views

CVE-2024-25181

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file...

0.0025 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/12/29 12:0 a.m., 5 views

PT-2025-53784

Name of the Vulnerable Software and Affected Versions: givanz VvvebJs version 1.7.2. Description: A critical issue exists in givanz VvvebJs version 1.7.2 that permits Server-Side Request Forgery (SSRF) and arbitrary file reading. This is due to improper handling of user-supplied URLs within the file g...

9.1 CVSS, 6.7 AI score, 0.0025 EPSS
Exploits: 0, References: 8

Cvelist
added 2025/12/26 3:2 a.m., 27 views

CVE-2025-15098 YunaiV yudao-cloud Business Process Management BpmSyncHttpRequestTrigger server-side request forgery

A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing manipulation of the argument url/header/body can lead to server-side request forgery. The attack m...

6.5 CVSS, 0.00267 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2025/12/26 12:0 a.m., 9 views

Debian dla-4421 : python3-urllib3 - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4421 advisory. Debian LTS Advisory DLA-4421-1...

8.9 CVSS, 6.5 AI score, 0.00622 EPSS
Exploits: 1, References: 6

Patchstack
added 2025/12/25 6:54 p.m., 6 views

WordPress Fast User Switching plugin <= 1.4.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Fast User Switching versions <= 1.4.10...

8.8 CVSS, 6.8 AI score, 0.00109 EPSS
Exploits: 0, Affected Software: 1

Positive Technologies
added 2025/12/25 1:40 p.m., 5 views

PT-2025-132: Server-side Request Forgery (SSRF) in OpenPDF

The vulnerability was identified in OpenPDF, versions 2.0.3. The discovered vulnerability allows an attacker to craft arbitrary HTTP requests that the vulnerable server will send to both external services and internal network endpoints. By exploiting this, the attacker can exfiltrate sensitive data...

7.7 CVSS, 5.9 AI score
Exploits: 0

RedhatCVE
added 2025/12/25 1:23 p.m., 4 views

CVE-2025-67622

Cross-Site Request Forgery (CSRF) vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS. This issue affects Evergreen Post Tweeter: from n/a through <= 1.8.9...

7.1 CVSS, 6.6 AI score, 0.00097 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/12/25 1:23 p.m., 4 views

CVE-2025-68529

Cross-Site Request Forgery (CSRF) vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery. This issue affects WP Email Capture: from n/a through <= 3.12.5...

4.3 CVSS, 6.9 AI score, 0.00106 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/12/25 1:23 p.m., 4 views

CVE-2025-68567

Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery. This issue affects My auctions allegro: from n/a through <= 3.6.33...

5.4 CVSS, 5.9 AI score, 0.00106 EPSS
Exploits: 0, References: 1

NVD
added 2025/12/24 8:15 p.m., 3 views

CVE-2019-25250

Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL...

5.3 CVSS, 0.00138 EPSS
Exploits: 1, References: 3