PT-2025-51461
Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY LTD Semrush Content Toolkit (semrush-contentshake) allows Cross Site Request Forgery. This issue affects Semrush Content Toolkit: from n/a through = 1.1.32...
WordPress plugin Meks Quick Plugin Disabler security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security...
CVE-2025-65593
nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality...
WordPress plugin Kerge code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plug...
PT-2025-51387
Name of the Vulnerable Software and Affected Versions: Yoav Farhi RTL Tester versions through 1.2. Description: A Cross-Site Request Forgery (CSRF) issue exists in Yoav Farhi RTL Tester. This allows attackers to potentially perform actions on behalf of an authenticated user without their knowledge. Th...
CVE-2025-66407 Weblate has Server-Side Request Forgery vulnerability
Weblate is a web-based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...
CVE-2025-66407
Weblate before v5.15 is vulnerable to SSRF and local file enumeration when creating a Component with Mercurial as the VCS. The repository URL field is not validated or sanitized, allowing arbitrary protocols and hosts, including localhost and file://, which can expose internal endpoints and filesystem layou...
GO-2025-4154 new-api is vulnerable to SSRF Bypass in one-api
new-api is vulnerable to SSRF Bypass in one-api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the repor...
EUVD-2025-203400
In grav 1.7.49.5, a Server-Side Request Forgery (SSRF) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...
Grav may be vulnerable to SSRF attack via Twig Templates
In grav 1.7.49.5, a Server-Side Request Forgery (SSRF) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...
Server-side Request Forgery (SSRF)
Overview: getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the processing of page content by Twig templates when configuration permits undefined PHP functions to be...
Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty
Summary: Due to the use of Eclipse Jetty, Rational Performance Tester contains vulnerabilities that could result in a denial of service condition or bypass security restrictions. Vulnerability Details: CVEID: CVE-2024-8184. DESCRIPTION: There exists a security vulnerability in Jetty's...
EUVD-2025-203310
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane's host network including link-local ...
CVE-2025-65778
An issue was discovered in Wekan (The Open Source kanban board system) up to version 18.15, fixed in 18.16. Uploaded attachments can be served with an attacker-controlled Content-Type of text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...
ROS-20251215-7307
A vulnerability in the GNU Wget download manager is related to insufficient server-side request validation. Exploitation of the vulnerability could allow a remote attacker to perform an SSRF, phishing or man-in-the-middle attack...
Ateme TITAN security vulnerability
Ateme TITAN is a video processing and compression software from the French company Ateme. A security vulnerability exists in Ateme TITAN version 3.9.12.4, which stems from a server-side request forgery in the job callback URL parameter that could lead to bypassing network restrictions...
CVE-2025-13281
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane's host network including link-local ...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the kube-controller-manager when using the in-tree Portworx StorageClass. An attacker can access sensitive information from unprotected endpoints within the control plane's host network, including...