55997 matches found

CNNVD
added 2025/12/09 12:00 a.m. | 3 views

STVS ProVision Cross-Site Request Forgery Vulnerability

STVS ProVision is an advanced video management system from STVS, Inc. A cross-site request forgery (CSRF) vulnerability exists in STVS ProVision version 5.9.10. It stems from an unauthenticated HTTP request that lacks CSRF protection and could lead to the creation of an administrator us...

CVSS 8.8 | AI score 6.7 | EPSS 0.00164
Exploits 0 | References 5
Cvelist
added 2025/12/08 11:08 p.m. | 19 views

CVE-2025-64760 Tuleap has missing CSRF protections in its tracker trigger management system

Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove track...

CVSS 4.6 | EPSS 0.00119
Exploits 0 | References 4
Snyk
added 2025/12/08 10:19 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the x-zitadel-forward-host header handling in the login UI. An attacker can access internal resources and...

CVSS 9.3 | AI score 6.9 | EPSS 0.00452
Exploits 2 | References 2
OSV
added 2025/12/08 10:19 p.m. | 2 views

GHSA-7WFC-4796-GMG5 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login

Summary: Zitadel is vulnerable to an unauthenticated, full-read SSRF vulnerability. An unauthenticated remote attacker can force Zitadel into making HTTP requests to arbitrary domains, including internal addresses. The server then returns the upstream response to the attacker, enabling data...

CVSS 9.3 | AI score 7 | EPSS 0.00452
Exploits 2 | References 4
Vulnrichment
added 2025/12/08 9:46 p.m. | 5 views

CVE-2025-12832 IBM InfoSphere Information Server Server-Side Request Forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 4.6 | AI score 6.4 | EPSS 0.00169
Exploits 0 | References 1
NVD
added 2025/12/08 1:15 p.m. | 5 views

CVE-2025-42616

Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...

CVSS 7 | EPSS 0.00146
Exploits 0 | References 1
Veracode
added 2025/12/08 11:06 a.m. | 6 views

Server-Side Request Forgery (SSRF)

apache.nms.amqp is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper URL resolution in the createRequestUrl function, which treats paths beginning with // or \ as schema-relative URLs. This allows an attacker to override the intended base URL and force the server...

CVSS 9.8 | AI score 7 | EPSS 0.02016
Exploits 0 | References 4 | Affected Software 1
Veracode
added 2025/12/08 10:15 a.m. | 10 views

Server-Side Request Forgery (SSRF)

@angular/ssr is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper URL resolution in the createRequestUrl function, which treats paths beginning with // or \ as schema-relative URLs. This allows an attacker to override the intended base URL and force the server to...

CVSS 8.7 | AI score 7 | EPSS 0.00397
Exploits 1 | References 3 | Affected Software 1
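The two Veracode entries above describe the same resolution flaw: a caller-controlled path beginning with // or \ is parsed as a scheme-relative URL, so the host of the configured base URL is replaced. The following is an added example written for this page, not code from @angular/ssr, apache.nms.amqp or Veracode; the function names (naiveResolve, safeResolve), the hostnames and the sample paths are the author's own. It goes slightly beyond the advisory text in that it also covers the /\ and \/ spellings and absolute URLs, all of which the WHATWG URL parser treats the same way for http(s) bases.

```javascript
// Added example (author's own, not the affected libraries' code).
// Shows how "//host" and "\\host" inputs override a base URL during
// resolution, and a resolver that refuses them.

// Naive resolver: hands the untrusted path straight to the URL parser
// together with the base. Per the WHATWG URL Standard, for http(s) bases a
// leading "//", "\\", "/\" or "\/" starts an authority section, so the host
// of the base is silently replaced by whatever follows.
function naiveResolve(base, path) {
  return new URL(path, base).href;
}

// Hardened resolver for server-side fetches that must stay on the base
// origin. It rejects inputs that could start an authority or carry their own
// scheme, then verifies that the parsed result still has the base origin.
// The origin comparison is the decisive check: it also catches userinfo,
// port and scheme tricks that a prefix regex on its own would miss.
function safeResolve(base, path) {
  const baseUrl = new URL(base);
  if (typeof path !== "string" || !path.startsWith("/")) {
    throw new Error("path must be an origin-relative path starting with '/'");
  }
  if (/^[\/\\][\/\\]/.test(path)) {
    throw new Error("scheme-relative path rejected: " + JSON.stringify(path));
  }
  const resolved = new URL(path, baseUrl);
  if (resolved.origin !== baseUrl.origin) {
    throw new Error("resolved URL left the base origin: " + resolved.origin);
  }
  return resolved.href;
}

// Constructed inputs (hypothetical hostnames, not from any advisory).
const BASE = "https://app.internal.example/";
const SAMPLE_PATHS = [
  "/api/health",                   // legitimate, stays on the base host
  "//attacker.example/steal",      // the "//" case from the advisories
  "\\\\attacker.example/steal",    // the "\" case from the advisories
  "/\\attacker.example/steal",     // mixed slashes, same effect
  "https://attacker.example/steal" // absolute URL, also overrides the base
];

// Runs both resolvers over the samples and returns one row per input.
function demo() {
  return SAMPLE_PATHS.map((p) => {
    let hardened;
    try {
      hardened = safeResolve(BASE, p);
    } catch (e) {
      hardened = "REJECTED: " + e.message;
    }
    return { input: p, naive: naiveResolve(BASE, p), hardened };
  });
}

console.log(JSON.stringify(demo(), null, 2));
```

Running the block prints, for each sample path, where the naive resolver would send the server's request and what the hardened resolver does with it; only /api/health survives the hardened path, and every attacker-controlled spelling resolves to attacker.example under the naive one.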
NVD
added 2025/12/08 9:15 a.m. | 4 views

CVE-2025-26487

Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge...

CVSS 8.6 | EPSS 0.00298
Exploits 0 | References 1
OSV
added 2025/12/08 9:15 a.m. | 3 views

CVE-2025-26487

Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge...

CVSS 8.6 | AI score 5.8 | EPSS 0.00298
Exploits 0 | References 1
Japan Vulnerability Notes
added 2025/12/08 8:48 a.m. | 9 views

Multiple vulnerabilities in GroupSession

Overview: GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Stored cross-site scripting (CWE-79) - CVE-2025-53523; Stored cross-site scripting (CWE-79) - CVE-2025-54407; Reflected cross-site scripting (CWE-79) - CVE-2025-57883; Cross-site request forgery...

CVSS 6.9 | AI score 5.9 | EPSS 0.00186
Exploits 0 | References 17
CVE
added 2025/12/08 8:44 a.m. | 12 views

CVE-2025-26487

CVE-2025-26487 describes a Server-Side Request Forgery (SSRF) in the Infinera MTC-9 web server. Affected component: Infinera MTC-9; root cause and exact affected versions are not detailed in the provided documents. Impact: remote unauthenticated users can access other network resources by sending HTT...

CVSS 8.6 | AI score 6.8 | EPSS 0.00298
Exploits 0 | References 1 | Affected Software 1
Packet Storm
added 2025/12/08 12:00 a.m. | 154 views

YOURLS 1.8.2 CSRF / IDOR / Missing Authorization

An AJAX endpoint scanner for YOURLS version 1.8.2 that checks for cross-site request forgery, insecure direct object reference, missing authorization, and missing input validation vulnerabilities...

CVSS 7.4 | AI score 7 | EPSS 0.01994
Exploits 5
CNNVD
added 2025/12/08 12:00 a.m. | 3 views

phpIPAM Security Vulnerability

phpIPAM is an open source, PHP and MySQL based IP address management (IPAM) application. A security vulnerability exists in phpIPAM version v1.7.3, which stems from a lack of CSRF protection in the database export function and could allow a remote attacker...

CVSS 3.3 | AI score 6.5 | EPSS 0.0017
Exploits 0 | References 2
Positive Technologies
added 2025/12/08 12:00 a.m. | 5 views

PT-2025-49557

phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php script, located under the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an...

AI score 7 | EPSS 0.0017
Exploits 0 | References 3
Tenable Nessus
added 2025/12/08 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-59775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows an attacker to potentially leak NTLM...

CVSS 7.5 | AI score 5.4 | EPSS 0.00771
Exploits 0 | References 2
Tenable Nessus
added 2025/12/08 12:00 a.m. | 8 views

Apache 2.4.x < 2.4.66 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.66. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows an attacker to potentially le...

CVSS 8.3 | AI score 7.8 | EPSS 0.015
Exploits 0 | References 7
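Both Tenable entries above tie the Apache HTTP Server SSRF to one specific directive combination: AllowEncodedSlashes On together with MergeSlashes Off, on Windows. The fragment below is an added illustration written for this page, not text from Tenable or from the Apache project; it contrasts that combination with the shipped defaults (AllowEncodedSlashes defaults to Off and MergeSlashes to On). Upgrading to 2.4.66 is the fix the second entry points to; the directive change only removes the precondition the advisory names and is offered here as a stop-gap for hosts that cannot upgrade yet, which is an assumption on the author's part rather than vendor guidance.

```apacheconf
# Precondition named by the advisories (Windows hosts before 2.4.66).
# Encoded "/" (%2F) is passed through and consecutive slashes are left
# untouched, so request input reaching mod_rewrite rules or expressions
# can carry a "//host" form that the advisory says may point the server
# at a malicious peer.
<VirtualHost *:80>
    ServerName www.example.internal
    AllowEncodedSlashes On
    MergeSlashes Off
</VirtualHost>

# Shipped defaults: either directive at its default removes the condition.
# Stating both explicitly keeps a later include from flipping them.
<VirtualHost *:80>
    ServerName www.example.internal
    AllowEncodedSlashes Off
    MergeSlashes On
</VirtualHost>
```

Check the running configuration rather than the files alone (httpd -t -D DUMP_VHOSTS shows which virtual hosts are active, and the directives can be set per virtual host), and confirm the httpd -v banner reports 2.4.66 or later once the upgrade is done.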
GithubExploit
added 2025/12/07 3:16 a.m. | 493 views

Exploit for CVE-2025-66516

CVE-2025-66516 / CVE-2025-54988 - Apache Tika XXE Vulnerabilit...

CVSS 10 | AI score 7.2 | EPSS 0.79807
Exploits 6
NVD
added 2025/12/06 6:15 a.m. | 3 views

CVE-2025-13629

The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the 'wplpapiupdatetext' function. This makes it possible for unauthenticated attackers to update arbitrary post meta via a...

CVSS 4.3 | EPSS 0.00126
Exploits 0 | References 3
RedhatCVE
added 2025/12/06 5:54 a.m. | 8 views

CVE-2025-12189

The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.11.1374. This is due to missing or incorrect nonce validation on the uploadImage function...

CVSS 8.8 | AI score 6.6 | EPSS 0.00268
Exploits 2 | References 1
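The CSRF entries on this page fall into two patterns: state-changing actions reachable by plain GET without any token (vulnerability-lookup, the phpIPAM generate-mysql.php export) and state-changing handlers that exist but skip the token check (the two WordPress plugins, where the token is called a nonce). The block below is an added example written for this page, not code from any of those projects and not WordPress's own nonce API; the gateStateChange function, the site origin, the session token and the sample requests are all the author's constructions. It shows the request-side checks a handler for such an action should make before touching state.

```javascript
// Added example (author's own, not any vendor's code). A gate that a
// state-changing handler calls before doing work: it refuses GET/HEAD,
// uses the browser's Fetch Metadata and Origin headers when present, and
// requires a per-session token that a cross-site page cannot read.

const STATE_CHANGING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Constant-time string comparison so the token check does not leak timing.
function tokensEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req:     { method, headers: { origin?, "sec-fetch-site"?, "x-csrf-token"? }, body }
// session: { csrfToken }  issued server-side and rendered into the site's own forms
// Returns { allowed, reason } so the caller can log the reason on denial.
function gateStateChange(req, session, siteOrigin) {
  const method = String(req.method).toUpperCase();
  // 1. Never mutate state on GET/HEAD: an <img src> or link on any site can
  //    issue those with the victim's cookies attached (the phpIPAM pattern).
  if (!STATE_CHANGING.has(method)) {
    return { allowed: false, reason: "state change attempted via " + method };
  }
  // 2. Fetch Metadata: modern browsers label cross-site requests themselves.
  //    "none" is a user-initiated navigation; absence means an older client.
  const sfs = req.headers["sec-fetch-site"];
  if (sfs && sfs !== "same-origin" && sfs !== "none") {
    return { allowed: false, reason: "cross-site request (Sec-Fetch-Site=" + sfs + ")" };
  }
  // 3. Origin, when the browser sends it, must be our own site.
  const origin = req.headers["origin"];
  if (origin && origin !== siteOrigin) {
    return { allowed: false, reason: "origin mismatch: " + origin };
  }
  // 4. The token comes from the body or a custom header, never the query
  //    string (which leaks into logs and Referer). This is the check the
  //    "missing nonce validation" entries above omit.
  const presented = (req.body && req.body.csrf_token) || req.headers["x-csrf-token"];
  if (!tokensEqual(presented, session.csrfToken)) {
    return { allowed: false, reason: "missing or invalid CSRF token" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed requests (hypothetical site and token, not captured traffic).
const SITE = "https://ipam.example";
const session = { csrfToken: "3f9c1d5a7b2e4c8d9a0b1c2d3e4f5a6b" };

const SAMPLES = {
  // GET that triggers an export, as in the phpIPAM / vulnerability-lookup entries.
  crossSiteGet: { method: "GET", headers: { "sec-fetch-site": "cross-site" }, body: {} },
  // Auto-submitting form from an attacker page.
  crossSitePost: { method: "POST", headers: { origin: "https://attacker.example", "sec-fetch-site": "cross-site" }, body: { export: "1" } },
  // The site's own form, carrying the session's token.
  legitimatePost: { method: "POST", headers: { origin: SITE, "sec-fetch-site": "same-origin" }, body: { export: "1", csrf_token: session.csrfToken } },
  // Same origin but no token: still refused, so a forgotten token check fails closed.
  sameOriginNoToken: { method: "POST", headers: { origin: SITE, "sec-fetch-site": "same-origin" }, body: { export: "1" } },
  // Old client without Fetch Metadata or Origin: the token alone decides.
  legacyClientWithToken: { method: "POST", headers: { "x-csrf-token": session.csrfToken }, body: { export: "1" } }
};

// Runs the gate over every sample and returns the decisions by name.
function runSamples() {
  const out = {};
  for (const [name, req] of Object.entries(SAMPLES)) out[name] = gateStateChange(req, session, SITE);
  return out;
}

console.log(runSamples());
```

Only the two requests that carry the session's token are allowed; the cross-site GET is refused on method alone, before any header or token is examined, which is the property the GET-without-token entries lack.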