
55996 matches found

RedHat Linux | added 2025/12/16 11:13 p.m. | 4 views

org.apache.kafka: Kafka Client Arbitrary File Read SSRF

A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery (SSRF) by a malicious client. Consequently,...

CVSS 7.5 | AI score 7.4 | EPSS 0.60841 | Exploits: 2 | References: 5

OSV | added 2025/12/16 8:43 p.m. | 7 views

GHSA-WH6M-H6F4-RJF4 Libredesk has Improper Neutralization of HTML Tags in a Web Page

Summary: LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the request and removing the tag, an attacker can inject arbitrary HTML element...

CVSS 8.6 | AI score 6.6 | EPSS 0.00193 | Exploits: 1 | References: 4

NVD | added 2025/12/16 7:15 p.m. | 5 views

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality...

CVSS 8.8 | EPSS 0.00274 | Exploits: 0 | References: 3

NVD | added 2025/12/16 6:16 p.m. | 6 views

CVE-2025-52196

Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe...

CVSS 7.5 | EPSS 0.003 | Exploits: 0 | References: 2

Vulnrichment | added 2025/12/16 5:03 p.m. | 3 views

CVE-2023-53899 PodcastGenerator 3.2.9 Blind Server-Side Request Forgery via XML Injection

PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation...

CVSS 9.8 | AI score 6.8 | EPSS 0.0049 | Exploits: 1 | References: 4

EUVD | added 2025/12/16 5:03 p.m. | 5 views

EUVD-2023-60191

PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation...

CVSS 9.8 | AI score 6.6 | EPSS 0.0049 | Exploits: 1 | References: 5

OSV | added 2025/12/16 3:30 p.m. | 3 views

GHSA-GXVV-45F6-3CH8 openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential Denial of Service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...

CVSS 8.5 | AI score 5.8 | EPSS 0.00306 | Exploits: 0 | References: 6

Snyk | added 2025/12/16 3:30 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the ImageStreamImport mechanism that handles user-supplied image references without proper IP address and network-range validation. An attacker can access internal network resources, enumerate service...

CVSS 8.5 | AI score 5.7 | EPSS 0.00306 | Exploits: 0 | References: 2

CVE | added 2025/12/16 12:14 p.m. | 9 views

CVE-2025-14443

CVE-2025-14443 describes a vulnerability in the OpenShift API server component (ose-openshift-apiserver) where processing user-supplied image references lacks IP address and network-range validation. This enables internal network enumeration, service discovery, limited information disclosure, and...

CVSS 6.4 | AI score 6 | EPSS 0.00306 | Exploits: 0 | References: 3

RedhatCVE | added 2025/12/16 12:14 p.m. | 4 views

CVE-2025-14443

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...

CVSS 8.5 | AI score 5.8 | EPSS 0.00306 | Exploits: 0 | References: 4
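
The Kafka entry above (a client-controlled token endpoint URL that yields file reads and SSRF) and the openshift-apiserver entries (a server-side fetch of a user-supplied image reference with no IP address or network-range validation) describe the same missing check: the server fetched whatever URL it was handed. The following is an added example, not code from Apache Kafka, OpenShift or any advisory listed here, of the destination validation a practitioner would expect before such a fetch. It is in Go, as openshift-apiserver is, and runs offline against a constructed resolver table; the Resolver type, the hostnames and addresses in that table, and the https-only policy are assumptions for the example, not details from any entry.

```go
// Added example (not Kafka's or OpenShift's code): validate the destination of
// a server-side fetch of a user-supplied URL. Rejects non-https schemes (so no
// file:// reads) and hosts resolving to internal addresses (so no SSRF).
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"net/url"
	"strings"
)

// Resolver is an assumption of this example: a stand-in for net.DefaultResolver
// so the check runs offline against constructed data.
type Resolver func(host string) ([]netip.Addr, error)

var ErrScheme = errors.New("scheme not allowed")
var ErrInternalIP = errors.New("destination resolves to an internal address")

// blockedNets covers ranges that netip.Addr's own predicates do not.
var blockedNets = []netip.Prefix{
	netip.MustParsePrefix("0.0.0.0/8"),     // "this network"
	netip.MustParsePrefix("100.64.0.0/10"), // RFC 6598 shared address space (CGNAT)
}

// IsInternalIP reports whether a server-side fetch must not reach ip: loopback,
// RFC 1918 / fc00::/7 private, link-local (169.254/16 hosts cloud metadata
// services), unspecified, multicast, or one of blockedNets.
func IsInternalIP(ip netip.Addr) bool {
	ip = ip.Unmap() // ::ffff:127.0.0.1 becomes 127.0.0.1 before the checks
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsUnspecified() || ip.IsMulticast() {
		return true
	}
	for _, p := range blockedNets {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// ValidateFetchURL enforces https, resolves the host and rejects the URL if ANY
// resolved address is internal. It returns the vetted addresses so the caller
// can dial one of them directly instead of re-resolving the name.
func ValidateFetchURL(raw string, resolve Resolver) ([]netip.Addr, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if !strings.EqualFold(u.Scheme, "https") {
		return nil, fmt.Errorf("%w: %q", ErrScheme, u.Scheme)
	}
	host := u.Hostname() // strips the [] around IPv6 literals
	var ips []netip.Addr
	if ip, perr := netip.ParseAddr(host); perr == nil {
		ips = []netip.Addr{ip} // literal address: no DNS lookup involved
	} else if ips, err = resolve(host); err != nil {
		return nil, err
	} else if len(ips) == 0 {
		return nil, errors.New("host did not resolve")
	}
	for _, ip := range ips {
		if IsInternalIP(ip) {
			return nil, fmt.Errorf("%w: %s -> %s", ErrInternalIP, host, ip)
		}
	}
	return ips, nil
}

// fakeResolver is constructed sample data for the example, not real DNS.
var fakeResolver Resolver = func(host string) ([]netip.Addr, error) {
	table := map[string][]netip.Addr{
		"idp.example.com": {netip.MustParseAddr("203.0.113.10")}, // public only
		"evil.example": { // one public answer, one internal: must be rejected
			netip.MustParseAddr("203.0.113.20"), netip.MustParseAddr("10.0.0.5")},
	}
	if ips, ok := table[strings.ToLower(host)]; ok {
		return ips, nil
	}
	return nil, fmt.Errorf("no such host: %s", host)
}

func main() {
	for _, raw := range []string{
		"https://idp.example.com/oauth2/token",      // allowed
		"file:///etc/passwd",                        // ErrScheme
		"https://169.254.169.254/latest/meta-data/", // ErrInternalIP (link-local)
		"https://[::ffff:127.0.0.1]/",               // ErrInternalIP (mapped loopback)
		"https://evil.example/token",                // ErrInternalIP (mixed answers)
	} {
		_, err := ValidateFetchURL(raw, fakeResolver)
		fmt.Printf("%-44s %v\n", raw, err)
	}
}
```

Two design points matter here. The check rejects a name if any of its answers is internal, rather than accepting as long as one is public, because a resolver that returns a mixed set can steer the connection to the internal one. And the vetted addresses are returned so the caller can dial one of them directly; re-resolving the hostname after the check reopens the DNS-rebinding window between check and use. The IPv4-mapped form is unmapped before the range checks so it cannot slip past them as an IPv6 address.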

EUVD | added 2025/12/16 9:31 a.m. | 3 views

EUVD-2025-203536

Cross-Site Request Forgery (CSRF) vulnerability in Meks Quick Plugin Disabler (meks-quick-plugin-disabler) by Meks allows Cross Site Request Forgery. This issue affects Meks Quick Plugin Disabler: from n/a through <= 1.0...

CVSS 5.4 | AI score 6.3 | EPSS 0.00097 | Exploits: 0 | References: 2

EUVD | added 2025/12/16 9:31 a.m. | 2 views

EUVD-2025-203611

Cross-Site Request Forgery (CSRF) vulnerability in RTL Tester (rtl-tester) by Yoav Farhi allows Cross Site Request Forgery. This issue affects RTL Tester: from n/a through <= 1.2...

CVSS 4.3 | AI score 6.3 | EPSS 0.00107 | Exploits: 0 | References: 2

NVD | added 2025/12/16 9:16 a.m. | 16 views

CVE-2025-68083

Cross-Site Request Forgery (CSRF) vulnerability in Meks Quick Plugin Disabler (meks-quick-plugin-disabler) by Meks allows Cross Site Request Forgery. This issue affects Meks Quick Plugin Disabler: from n/a through <= 1.0...

CVSS 5.4 | EPSS 0.00097 | Exploits: 0 | References: 1

Cvelist | added 2025/12/16 8:12 a.m. | 32 views

CVE-2025-67989 WordPress Kerge theme <= 4.1.3 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Kerge (kerge) by LMPixels allows Server Side Request Forgery. This issue affects Kerge: from n/a through <= 4.1.3...

CVSS 5.4 | EPSS 0.00176 | Exploits: 0 | References: 1

RedhatCVE | added 2025/12/16 12:25 a.m. | 4 views

CVE-2025-66844

In Grav 1.7.49.5, an SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...

CVSS 9.1 | AI score 6.9 | EPSS 0.00247 | Exploits: 1 | References: 1

Positive Technologies | added 2025/12/16 12:00 a.m. | 6 views

PT-2025-51442

Vulnerable software and affected versions: LMPixels Kerge versions through 4.1.3. Description: The software contains a Server-Side Request Forgery (SSRF) flaw. This allows for Server Side Request Forgery. Recommendations: Update to a version newer than 4.1.3...

CVSS 5.4 | AI score 6.6 | EPSS 0.00176 | Exploits: 0 | References: 4

Positive Technologies | added 2025/12/16 12:00 a.m. | 7 views

PT-2025-51774

Vulnerable software and affected versions: Parse Server versions prior to 8.6.2; Parse Server versions prior to 9.1.1-alpha.1. Description: Parse Server, a backend deployable on Node.js infrastructure, contains a flaw in its Instagram authentication adapter. Prior to versions 8.6.2 and...

CVSS 8.3 | AI score 6.6 | EPSS 0.00291 | Exploits: 0 | References: 9

Cvelist | added 2025/12/16 12:00 a.m. | 28 views

CVE-2025-52196

Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe...

EPSS 0.003 | Exploits: 0 | References: 2

Positive Technologies | added 2025/12/16 12:00 a.m. | 4 views

PT-2025-51766

Vulnerable software and affected versions: Ctera Portal versions 8.1.x (8.1.1417.24). Description: A Server-Side Request Forgery (SSRF) issue exists in Ctera Portal. This allows remote attackers to make arbitrary HTTP requests by providing a crafted HTML file containing an iframe. The...

CVSS 7.5 | AI score 6.7 | EPSS 0.003 | Exploits: 0 | References: 6

CNNVD | added 2025/12/16 12:00 a.m. | 4 views

WordPress plugin Quick Interest Slider security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it can host personal blog sites on PHP- and MySQL-based servers. A WordPress plugin is an application plugin. A security vulnerabili...

CVSS 4.3 | AI score 6.5 | EPSS 0.00104 | Exploits: 0 | References: 1