Lucene search

55996 matches found

Cvelist
added 2025/12/24 1:10 p.m. | 27 views

CVE-2025-68580 WordPress Advanced Classifieds & Directory Pro plugin <= 3.2.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery. This issue affects Advanced Classifieds & Directory Pro: from n/a through <= 3.2.9...

CVSS 4.3 | EPSS 0.00109
Exploits: 0 | References: 1
CVE
added 2025/12/24 1:10 p.m. | 13 views

CVE-2025-68580

Technical details about CVE-2025-68580 (affected product, root cause, impact, patch) are not present in the provided connected documents; only the generic description is available. Monitor for updates.

CVSS 4.3 | AI score 6.5 | EPSS 0.00109
Exploits: 0 | References: 1
CVE
added 2025/12/24 1:10 p.m. | 12 views

CVE-2025-67625

CVE-2025-67625 is a CSRF vulnerability in the WordPress plugin “Trade Runner” (tmtraderunner) affecting versions from n/a through 3.14. The issue enables Cross-Site Request Forgery, potentially allowing an attacker to perform actions on behalf of an authenticated user. Affected component is the p...

CVSS 4.3 | AI score 6.5 | EPSS 0.00107
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/24 1:10 p.m. | 4 views

CVE-2025-67623 WordPress 6Storage Rentals plugin <= 2.22.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery. This issue affects 6Storage Rentals: from n/a through <= 2.22.0...

CVSS 5.4 | AI score 5.1 | EPSS 0.00163
Exploits: 0 | References: 1
Cvelist
added 2025/12/24 12:31 p.m. | 26 views

CVE-2025-68500 WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery. This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10...

CVSS 4.9 | EPSS 0.00154
Exploits: 0 | References: 1
Veracode
added 2025/12/24 9:39 a.m. | 5 views

Server-Side Request Forgery (SSRF)

@lobehub/chat is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation and restriction of user-supplied URLs in the tools.search.crawlPages tRPC endpoint, which allows an attacker with a valid token to supply arbitrary URLs and force the server to mak...

CVSS 3 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2025/12/24 12:00 a.m. | 3 views

WordPress plugin Prime Slider – Addons For Elementor security vulnerability

WordPress Prime Slider - Addons For Elementor plugin is a free plugin for Elementor page builder designed to help users easily create various interactive responsive sliders. The WordPress Prime Slider - Addons For Elementor plugin suffers from a server-side request forgery vulnerability, which...

CVSS 4.9 | AI score 6.8 | EPSS 0.00154
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/24 12:00 a.m. | 6 views

PT-2025-53370

Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator...

CVSS 5.3 | AI score 6.8 | EPSS 0.00136
Exploits: 1 | References: 3
Positive Technologies
added 2025/12/24 12:00 a.m. | 4 views

PT-2025-53271

Name of the Vulnerable Software and Affected Versions: Tikweb Management Fast User Switching versions through 1.4.10. Description: A Cross-Site Request Forgery (CSRF) issue exists in the Fast User Switching functionality. This allows attackers to perform actions on behalf of authenticated users withou...

CVSS 8.8 | AI score 6.3 | EPSS 0.00109
Exploits: 0 | References: 3
CNNVD
added 2025/12/24 12:00 a.m. | 2 views

Teradek VidiU Pro security vulnerability

Teradek VidiU Pro is a hardware live encoder from Teradek USA. A security vulnerability exists in Teradek VidiU Pro version 3.0.3 that stems from a lack of proper request validation and could lead to a cross-site request forgery attack...

CVSS 5.1 | AI score 6.6 | EPSS 0.00159
Exploits: 2 | References: 3
CNNVD
added 2025/12/24 12:00 a.m. | 4 views

Ecessa Edge EV150 cross-site request forgery vulnerability

Ecessa Edge EV150 is a multilink load balancer from Ecessa USA. A cross-site request forgery vulnerability exists in Ecessa Edge EV150 version 10.7.4, which stems from vulnerability to a cross-site request forgery attack that could lead to the creation of an administrator account...

CVSS 5.3 | AI score 6.6 | EPSS 0.00136
Exploits: 1 | References: 2
Positive Technologies
added 2025/12/24 12:00 a.m. | 5 views

PT-2025-53288

Name of the Vulnerable Software and Affected Versions: Link Library versions through 7.8.4. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in Yannick Lefebvre Link Library. This issue allows for Server Side Request Forgery. Recommendations: Update Link Library to a version newer...

CVSS 9.1 | AI score 6.7 | EPSS 0.00119
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/24 12:00 a.m. | 3 views

PT-2025-53420

CVE-2025-68687 - Apache HTTP Server Cross-Site Request Forgery. CVE ID: CVE-2025-68687. Published: Dec. 24, 2025, 4:15 a.m. | 50 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AI score 7
Exploits: 0 | References: 1
CNNVD
added 2025/12/24 12:00 a.m. | 5 views

Teradek VidiU Pro security vulnerability

Teradek VidiU Pro is a hardware live streaming encoder from Teradek USA. A security vulnerability exists in Teradek VidiU Pro version 3.0.3, which stems from the mishandling of the url and xmlurl parameters by the management interface, which could lead to a server-side request forgery attack...

CVSS 6.9 | AI score 6.7 | EPSS 0.00301
Exploits: 2 | References: 3
Positive Technologies
added 2025/12/24 12:00 a.m. | 8 views

PT-2025-53336

Name of the Vulnerable Software and Affected Versions: Devolo dLAN 500 AV Wireless+ version 3.1.0-1. Description: The software contains a cross-site request forgery issue that enables attackers to perform administrative actions without proper request validation. Attackers can create malicious web...

CVSS 5.3 | AI score 6.4 | EPSS 0.00138
Exploits: 1 | References: 5
Positive Technologies
added 2025/12/24 12:00 a.m. | 4 views

PT-2025-53320

SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious...

CVSS 5.3 | AI score 6.7 | EPSS 0.00145
Exploits: 1 | References: 4
Positive Technologies
added 2025/12/24 12:00 a.m. | 6 views

PT-2025-53268

Name of the Vulnerable Software and Affected Versions: Advanced Classifieds & Directory Pro versions through 3.2.9. Description: A Cross-Site Request Forgery (CSRF) issue exists in Advanced Classifieds & Directory Pro. This allows an attacker to potentially perform actions on behalf of an authenticate...

CVSS 8.8 | AI score 6.5 | EPSS 0.00109
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/24 12:00 a.m. | 4 views

PT-2025-53272

Name of the Vulnerable Software and Affected Versions: Vimeotheque versions prior to 2.3.5.3. Description: The software contains a Cross-Site Request Forgery (CSRF) issue. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge. Recommendations...

CVSS 8.8 | AI score 6.5 | EPSS 0.00109
Exploits: 0 | References: 3
Github Security Blog
added 2025/12/23 6:17 p.m. | 8 views

Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service

Summary: The download service downloadservice.py makes HTTP requests using raw requests.get without utilizing the application's SSRF protection saferequests.py. This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as...

CVSS 6.5 | AI score 6.7 | EPSS 0.00274
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2025/12/23 6:17 p.m. | 5 views

GHSA-9C54-GXH7-PPJC Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service

Summary: The download service downloadservice.py makes HTTP requests using raw requests.get without utilizing the application's SSRF protection saferequests.py. This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as...

CVSS 6.3 | AI score 6.5 | EPSS 0.00274
Exploits: 1 | References: 4