Lucene search
K

55996 matches found

RedhatCVE
RedhatCVE
added 2025/12/11 5:2 p.m.6 views

CVE-2025-34410

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...

7.1CVSS6.7AI score0.00128EPSS
Exploits0References1
OSV
OSV
added 2025/12/11 3:30 p.m.1 views

GHSA-8XQM-6FJ2-HFGF PowerJob has a server-side request forgery vulnerability in PingPongUtils.java

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...

6.3CVSS6.3AI score0.00311EPSS
Exploits1References7
NVD
NVD
added 2025/12/11 3:15 p.m.7 views

CVE-2025-14518

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...

9.8CVSS0.00311EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.8 views

CVE-2025-65512

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

7.5CVSS6.9AI score0.00442EPSS
Exploits1References1
NVD
NVD
added 2025/12/11 3:15 a.m.12 views

CVE-2025-11467

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...

5.8CVSS0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/11 1:55 a.m.8 views

EUVD-2025-202643

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...

5.8CVSS5.5AI score0.00223EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/11 1:55 a.m.27 views

CVE-2025-11467 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...

5.8CVSS0.00223EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.1 views

GeoServer < 2.25.6 / 2.26.x < 2.26.2 XML External Entity

GeoServer versions prior to 2.25.6, 2.26.x 2.26.2 are affected by an XML External Entity XXE vulnerability. An attacker could exploit this vulnerability by sending a specially crafted XML request to the GeoServer instance, which could lead to unauthorized access to sensitive data, server-side...

9.8CVSS6.8AI score0.66753EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.5 views

SAP BusinessObjects Business Intelligence Platform SSRF (December 2025)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is affected by a server-side request forgery vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote...

5.4CVSS5.6AI score0.0026EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/10 9:31 p.m.5 views

EUVD-2020-30832

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

8.6CVSS6.3AI score0.00224EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/12/10 9:31 p.m.17 views

1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery CSRF vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

5.1CVSS7AI score0.00172EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/12/10 9:31 p.m.1 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the port-change endpoint in the web port configuration process. An attacker can cause service disruption or loss of access by tricking an authenticated user into submitting a crafted request, which...

7.1CVSS6.6AI score0.00144EPSS
Exploits0References2
OSV
OSV
added 2025/12/10 9:31 p.m.2 views

GHSA-5XPQ-2VMC-5CQP 1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery CSRF vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

5.1CVSS6.9AI score0.00172EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/10 9:16 p.m.3 views

CVE-2021-47723

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...

6.9CVSS6.9AI score0.00164EPSS
Exploits0References1
NVD
NVD
added 2025/12/10 9:16 p.m.7 views

CVE-2025-65512

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

7.5CVSS0.00442EPSS
Exploits1References2
OSV
OSV
added 2025/12/10 9:16 p.m.4 views

CVE-2020-36901

UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new...

8.8CVSS5.7AI score0.00255EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/10 9:5 p.m.19 views

CVE-2020-36901 UBICOD Medivision Digital Signage 1.5.1 Cross-Site Request Forgery via User Management

UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new...

8.6CVSS0.00255EPSS
Exploits1References4
OSV
OSV
added 2025/12/10 6:30 p.m.6 views

GHSA-RPR2-4HQJ-HC4Q 1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...

7.1CVSS6.7AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/10 4:50 p.m.29 views

CVE-2025-67639

A cross-site request forgery CSRF vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...

0.00154EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/10 4:46 p.m.2 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the Change Username process in the settings panel. An attacker can cause a user's account to be locked out by tricking the victim into visiting a malicious webpage while authenticated, which submits a...

7.1CVSS6.5AI score0.00128EPSS
Exploits0References2
Rows per page
Query Builder