
55996 matches found

Positive Technologies
added 2025/12/16 12:00 a.m., 4 views

PT-2025-51461

Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY LTD Semrush Content Toolkit (semrush-contentshake) allows Cross Site Request Forgery. This issue affects Semrush Content Toolkit: from n/a through <= 1.1.32...

CVSS 5.4, AI score 6.9, EPSS 0.00097
Exploits 0, References 3
CNNVD
added 2025/12/16 12:00 a.m., 3 views

WordPress plugin Meks Quick Plugin Disabler security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security...

CVSS 5.4, AI score 6.5, EPSS 0.00097
Exploits 0, References 1
Vulnrichment
added 2025/12/16 12:00 a.m., 2 views

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality...

AI score 6.5, EPSS 0.00274
Exploits 0, References 2
CNNVD
added 2025/12/16 12:00 a.m., 4 views

WordPress plugin Kerge code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plug...

CVSS 5.4, AI score 6.9, EPSS 0.00176
Exploits 0, References 1
Positive Technologies
added 2025/12/16 12:00 a.m., 3 views

PT-2025-51387

Name of the Vulnerable Software and Affected Versions: Yoav Farhi RTL Tester versions through 1.2. Description: A Cross-Site Request Forgery (CSRF) issue exists in Yoav Farhi RTL Tester. This allows attackers to potentially perform actions on behalf of an authenticated user without their knowledge. Th...

CVSS 4.3, AI score 6.4, EPSS 0.00107
Exploits 0, References 3
Vulnrichment
added 2025/12/15 11:36 p.m., 4 views

CVE-2025-66407 Weblate has Server-Side Request Forgery vulnerability

Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...

CVSS 5, AI score 6.1, EPSS 0.00182
Exploits 0, References 3
CVE
added 2025/12/15 11:36 p.m., 12 views

CVE-2025-66407

Weblate before v5.15 is vulnerable to SSRF and local file enumeration when creating a Component with Mercurial as VCS. The repository URL field is not validated/sanitized, allowing arbitrary protocols/hosts, including localhost and file://, which can expose internal endpoints and filesystem layou...

CVSS 5, AI score 6.1, EPSS 0.00182
Exploits 0, References 3, Affected Software 1
OSV
added 2025/12/15 8:33 p.m., 4 views

GO-2025-4154 new-api is vulnerable to SSRF Bypass in one-api

new-api is vulnerable to SSRF Bypass in one-api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the repor...

CVSS 8.5, AI score 6.8, EPSS 0.00259
Exploits 0, References 3
EUVD
added 2025/12/15 6:30 p.m., 6 views

EUVD-2025-203400

In grav 1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...

AI score 6.4, EPSS 0.00247
Exploits 1, References 2
Github Security Blog
added 2025/12/15 6:30 p.m., 6 views

Grav may be vulnerable to SSRF attack via Twig Templates

In grav 1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...

CVSS 9.1, AI score 6.9, EPSS 0.00247
Exploits 1, References 3, Affected Software 1
Snyk
added 2025/12/15 4:40 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the processing of page content by Twig templates when configuration permits undefined PHP functions to be...

CVSS 9.1, AI score 6.8, EPSS 0.00247
Exploits 1, References 2
IBM Security Bulletins
added 2025/12/15 3:11 p.m., 5 views

Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty

Summary: Due to the use of Eclipse Jetty, Rational Performance Tester contains vulnerabilities that could result in a denial of service condition or bypass security restrictions. Vulnerability Details: CVEID: CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's...

CVSS 6.5, AI score 6.8, EPSS 0.01037
Exploits 1, Affected Software 1
EUVD
added 2025/12/15 12:30 a.m., 4 views

EUVD-2025-203310

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

CVSS 5.8, AI score 6.2, EPSS 0.00355
Exploits 0, References 4
Vulnrichment
added 2025/12/15 12:00 a.m., 2 views

CVE-2025-65778

An issue was discovered in Wekan (The Open Source kanban board system) up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...

AI score 6.7, EPSS 0.00317
Exploits 0, References 4
Redos
added 2025/12/15 12:00 a.m., 9 views

ROS-20251215-7307

A vulnerability in the GNU Wget download manager is related to insufficient server-side request validation. Exploitation of the vulnerability could allow a remote attacker to perform an SSRF, phishing or man-in-the-middle attack...

CVSS 6.5, AI score 6.9, EPSS 0.0111
Exploits 0
CNNVD
added 2025/12/15 12:00 a.m., 3 views

Ateme TITAN security vulnerability

Ateme TITAN is a video processing and compression software from the French company Ateme. A security vulnerability exists in Ateme TITAN version 3.9.12.4, which stems from a server-side request forgery in the job callback URL parameter that could lead to bypassing network restrictions...

CVSS 6.5, AI score 6.7, EPSS 0.00237
Exploits 1, References 5
NVD
added 2025/12/14 10:15 p.m., 7 views

CVE-2025-13281

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

CVSS 5.8, EPSS 0.00355
Exploits 0, References 3
Snyk
added 2025/12/14 9:39 p.m., 4 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the kube-controller-manager when using the in-tree Portworx StorageClass. An attacker can access sensitive information from unprotected endpoints within the control plane's host network, including...

CVSS 6.9, AI score 6.7, EPSS 0.00355
Exploits 0, References 2
Debian CVE
added 2025/12/14 9:27 p.m., 5 views

CVE-2025-13281

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

CVSS 5.8, AI score 7.8, EPSS 0.00355
Exploits 0