55996 matches found
CVE-2025-34410
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...
GHSA-8XQM-6FJ2-HFGF PowerJob has a server-side request forgery vulnerability in PingPongUtils.java
A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...
CVE-2025-14518
A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...
CVE-2025-65512
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...
CVE-2025-11467
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...
EUVD-2025-202643
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...
CVE-2025-11467 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...
GeoServer < 2.25.6 / 2.26.x < 2.26.2 XML External Entity
GeoServer versions prior to 2.25.6 and 2.26.x prior to 2.26.2 are affected by an XML External Entity (XXE) vulnerability. An attacker could exploit this vulnerability by sending a specially crafted XML request to the GeoServer instance, which could lead to unauthorized access to sensitive data, server-side...
SAP BusinessObjects Business Intelligence Platform SSRF (December 2025)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is affected by a server-side request forgery vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote...
EUVD-2020-30832
All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...
1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the port-change endpoint in the web port configuration process. An attacker can cause service disruption or loss of access by tricking an authenticated user into submitting a crafted request, which...
GHSA-5XPQ-2VMC-5CQP 1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...
CVE-2021-47723
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Victims who visit a malicious web site trigger the forged request, allowing attackers to create new admin users...
CVE-2020-36901
UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new...
CVE-2020-36901 UBICOD Medivision Digital Signage 1.5.1 Cross-Site Request Forgery via User Management
UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new...
GHSA-RPR2-4HQJ-HC4Q 1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...
CVE-2025-67639
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the Change Username process in the settings panel. An attacker can cause a user's account to be locked out by tricking the victim into visiting a malicious webpage while authenticated, which submits a...