55996 matches found
CVE-2025-68580 WordPress Advanced Classifieds & Directory Pro plugin <= 3.2.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro (advanced-classifieds-and-directory-pro) allows Cross Site Request Forgery. This issue affects Advanced Classifieds & Directory Pro: from n/a through <= 3.2.9...
CVE-2025-68580
Technical details about CVE-2025-68580 (affected product, root cause, impact, patch) are not present in the provided connected documents; only the generic description is available. Monitor for updates.
CVE-2025-67625
CVE-2025-67625 is a CSRF vulnerability in the WordPress plugin “Trade Runner” (tmtraderunner) affecting versions from n/a through 3.14. The issue enables Cross-Site Request Forgery, potentially allowing an attacker to perform actions on behalf of an authenticated user. Affected component is the p...
CVE-2025-67623 WordPress 6Storage Rentals plugin <= 2.22.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals (6storage-rentals) allows Server Side Request Forgery. This issue affects 6Storage Rentals: from n/a through <= 2.22.0...
CVE-2025-68500 WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor (bdthemes-prime-slider-lite) allows Server Side Request Forgery. This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10...
Server-Side Request Forgery (SSRF)
@lobehub/chat is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation and restriction of user-supplied URLs in the tools.search.crawlPages tRPC endpoint, which allows an attacker with a valid token to supply arbitrary URLs and force the server to mak...
WordPress plugin Prime Slider – Addons For Elementor security vulnerability
WordPress Prime Slider - Addons For Elementor plugin is a free plugin for Elementor page builder designed to help users easily create various interactive responsive sliders. The WordPress Prime Slider - Addons For Elementor plugin suffers from a server-side request forgery vulnerability, which...
PT-2025-53370
Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator...
PT-2025-53271
Name of the Vulnerable Software and Affected Versions: Tikweb Management Fast User Switching versions through 1.4.10. Description: A Cross-Site Request Forgery (CSRF) issue exists in the Fast User Switching functionality. This allows attackers to perform actions on behalf of authenticated users withou...
Teradek VidiU Pro security vulnerability
Teradek VidiU Pro is a hardware live encoder from Teradek USA. A security vulnerability exists in Teradek VidiU Pro version 3.0.3 that stems from a lack of proper request validation and could lead to a cross-site request forgery attack...
Ecessa Edge EV150 cross-site request forgery vulnerability
Ecessa Edge EV150 is a multilink load balancer from Ecessa USA. A cross-site request forgery vulnerability exists in Ecessa Edge EV150 version 10.7.4, which stems from vulnerability to a cross-site request forgery attack that could lead to the creation of an administrator account...
PT-2025-53288
Name of the Vulnerable Software and Affected Versions: Link Library versions through 7.8.4. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in Yannick Lefebvre Link Library. This issue allows for Server Side Request Forgery. Recommendations: Update Link Library to a version newer...
PT-2025-53420
CVE-2025-68687 - Apache HTTP Server Cross-Site Request Forgery. CVE ID: CVE-2025-68687. Published: Dec. 24, 2025, 4:15 a.m. | 50 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Teradek VidiU Pro security vulnerability
Teradek VidiU Pro is a hardware live streaming encoder from Teradek USA. A security vulnerability exists in Teradek VidiU Pro version 3.0.3, which stems from the mishandling of the url and xmlurl parameters by the management interface, which could lead to a server-side request forgery attack...
PT-2025-53336
Name of the Vulnerable Software and Affected Versions: Devolo dLAN 500 AV Wireless+ version 3.1.0-1. Description: The software contains a cross-site request forgery issue that enables attackers to perform administrative actions without proper request validation. Attackers can create malicious web...
PT-2025-53320
SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious...
PT-2025-53268
Name of the Vulnerable Software and Affected Versions: Advanced Classifieds & Directory Pro versions through 3.2.9. Description: A Cross-Site Request Forgery (CSRF) issue exists in Advanced Classifieds & Directory Pro. This allows an attacker to potentially perform actions on behalf of an authenticate...
PT-2025-53272
Name of the Vulnerable Software and Affected Versions: Vimeotheque versions prior to 2.3.5.3. Description: The software contains a Cross-Site Request Forgery (CSRF) issue. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge. Recommendations...
Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Summary: The download service (downloadservice.py) makes HTTP requests using raw requests.get without utilizing the application's SSRF protection (saferequests.py). This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as...
GHSA-9C54-GXH7-PPJC Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Summary: The download service (downloadservice.py) makes HTTP requests using raw requests.get without utilizing the application's SSRF protection (saferequests.py). This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as...