org.apache.kafka: Kafka Client Arbitrary File Read SSRF
A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery (SSRF) by a malicious client. Consequently,...
GHSA-WH6M-H6F4-RJF4 Libredesk has Improper Neutralization of HTML Tags in a Web Page
Summary LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the request and removing the tag, an attacker can inject arbitrary HTML element...
CVE-2025-65593
nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality...
CVE-2025-52196
Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe...
CVE-2023-53899 PodcastGenerator 3.2.9 Blind Server-Side Request Forgery via XML Injection
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation...
EUVD-2023-60191
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation...
GHSA-GXVV-45F6-3CH8 openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential Denial of Service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the ImageStreamImport mechanism that handles user-supplied image references without proper IP address and network-range validation. An attacker can access internal network resources, enumerate service...
CVE-2025-14443
CVE-2025-14443 describes a vulnerability in the OpenShift API server component (ose-openshift-apiserver) where processing user-supplied image references lacks IP address and network-range validation. This enables internal network enumeration, service discovery, limited information disclosure, and...
CVE-2025-14443
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...
EUVD-2025-203536
Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler (meks-quick-plugin-disabler) allows Cross Site Request Forgery. This issue affects Meks Quick Plugin Disabler: from n/a through <= 1.0...
EUVD-2025-203611
Cross-Site Request Forgery (CSRF) vulnerability in Yoav Farhi RTL Tester (rtl-tester) allows Cross Site Request Forgery. This issue affects RTL Tester: from n/a through <= 1.2...
CVE-2025-68083
Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler (meks-quick-plugin-disabler) allows Cross Site Request Forgery. This issue affects Meks Quick Plugin Disabler: from n/a through <= 1.0...
CVE-2025-67989 WordPress Kerge theme <= 4.1.3 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge (kerge) allows Server Side Request Forgery. This issue affects Kerge: from n/a through <= 4.1.3...
CVE-2025-66844
In grav 1.7.49.5, an SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...
PT-2025-51442
Name of the Vulnerable Software and Affected Versions: LMPixels Kerge versions through 4.1.3. Description: The software contains a Server-Side Request Forgery (SSRF) flaw. This allows for Server Side Request Forgery. Recommendations: Update to a version newer than 4.1.3...
PT-2025-51774
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.2; Parse Server versions prior to 9.1.1-alpha.1. Description: Parse Server, a backend deployable on Node.js infrastructure, contains a flaw in its Instagram authentication adapter. Prior to versions 8.6.2 and...
PT-2025-51766
Name of the Vulnerable Software and Affected Versions: Ctera Portal versions 8.1.x (8.1.1417.24). Description: A Server-Side Request Forgery (SSRF) issue exists in Ctera Portal. This allows remote attackers to make arbitrary HTTP requests by providing a crafted HTML file containing an iframe. The...
WordPress plugin Quick Interest Slider security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...