55997 matches found
STVS ProVision 跨站请求伪造漏洞
STVS ProVision is an advanced video management system from STVS, Inc. A cross-site request forgery vulnerability exists in STVS ProVision version 5.9.10, which stems from an unauthenticated HTTP request with a cross-site request forgery issue that could lead to the creation of an administrator us...
CVE-2025-64760 Tuleap has missing CSRF protections in its tracker trigger management system
Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove track...
Server-side Request Forgery (SSRF)
Overview github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the x-zitadel-forward-host header handling in the login UI. An attacker can access internal resources and...
GHSA-7WFC-4796-GMG5 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login
Summary Zitadel is vulnerable to an unauthenticated, full-read SSRF vulnerability. An unauthenticated remote attacker can force Zitadel into making HTTP requests to arbitrary domains, including internal addresses. The server then returns the upstream response to the attacker, enabling data...
CVE-2025-12832 IBM InfoSphere Information Server Server-Side Request Forgery
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-42616
Some endpoints in vulnerability-lookup that modified application state e.g. changing database entries, user data, configurations, or other privileged actions may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...
Server-Side Request Forgery (SSRF)
apache.nms.amqp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server...
Server-Side Request Forgery (SSRF)
@angular/ssr is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server to...
CVE-2025-26487
Server-Side Request Forgery SSRF vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge...
CVE-2025-26487
Server-Side Request Forgery SSRF vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge...
Multiple vulnerabilities in GroupSession
Overview GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2025-53523 Stored cross-site scripting CWE-79 - CVE-2025-54407 Reflected cross-site scripting CWE-79 - CVE-2025-57883 Cross-site request forgery...
CVE-2025-26487
CVE-2025-26487 describes a Server-Side Request Forgery (SSRF) in Infinera MTC-9 web server. Affected component: Infinera MTC-9; root cause and exact affected versions are not detailed in the provided documents. Impact: remote unauthenticated users can access other network resources by sending HTT...
📄 YOURLS 1.8.2 CSRF / IDOR / Missing Authorization
YOURLS version 1.8.2 AJAX endpoint scanner that checks for cross site request forgery, insecure direct object reference, missing authorization, and missing input validation vulnerabilities...
phpIPAM 安全漏洞
phpIPAM is the phpIPAM open source suite of open source PHP and MySQL based IP address management applications IPAM. A security vulnerability exists in phpIPAM version v1.7.3, which stems from a lack of CSRF protection in the database export function, which could lead to a remote attacker...
PT-2025-49557
phpIPAM v1.7.3 contains a Cross-Site Request Forgery CSRF vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an...
Linux Distros Unpatched Vulnerability : CVE-2025-59775
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM...
Apache 2.4.x < 2.4.66 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.66. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery SSRF in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially le...
Exploit for CVE-2025-66516
CVE-2025-66516 / CVE-2025-54988 - Apache Tika XXE Vulnerabilit...
CVE-2025-13629
The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the 'wplpapiupdatetext' function. This makes it possible for unauthenticated attackers to update arbitrary post meta via a...
CVE-2025-12189
The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.11.1374. This is due to missing or incorrect nonce validation on the uploadImage function...