55998 matches found
Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web
Summary A Server-Side Request Forgery SSRF vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints AWS/GCP/Azure, scan internal networks, access internal services behind...
CVE-2025-65958
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery SSRF vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to...
CVE-2025-66201
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
CVE-2024-45538
The CVE-2024-45538 issue affects Synology DiskStation Manager (DSM) WebAPI Framework and DSMUC, enabling a CSRF vulnerability that can lead to remote arbitrary code execution. Affected are DSM versions prior to 7.2.1-69057-2, 7.2.2-72806, and DSMUC prior to 3.1.4-23079. The vulnerability is categ...
CVE-2025-14004
A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...
CVE-2025-14004
Dayrui XunRuiCMS is affected up to version 4.7.1. The vulnerability lies in the Email Setting Handler component, specifically the file /admind45f74adbd95.php?c=email&m=add, where manipulation enables server-side request forgery. Remote exploitation is possible and exploits have been released publ...
CVE-2025-12358
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "postaddtolist" function as well as an incorrect permissions callback in the "Api/init"...
xunruicms 代码问题漏洞
xunruicms is a website builder framework for XunRuiCMS individual developers. A code issue vulnerability exists in xunruicms 4.7.1 and earlier versions, which stems from incorrect manipulation of the component Email Setting Handler in the file /admind45f74adbd95.php, which can lead to server-side...
Open WebUI 代码问题漏洞
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A code issue vulnerability exists in versions of Open WebUI prior to 0.6.37 that stems from server-side request forgery and could lead to access to internal networks and services...
PT-2025-49024
Name of the Vulnerable Software and Affected Versions Synology DiskStation Manager DSM versions prior to 7.2.1-69057-2 Synology DiskStation Manager DSM versions 7.2.1-69057-2 through 7.2.2-72806 Synology Unified Controller DSMUC versions prior to 3.1.4-23079 Description A Cross-Site Request Forge...
PT-2025-49128
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.37 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A Server-Side Request Forgery SSRF vulnerability in Open WebUI allows any authenticated user to...
PT-2025-49178
Name of the Vulnerable Software and Affected Versions kube-controller-manager affected versions not specified Description An issue exists in kube-controller-manager when utilizing the in-tree Portworx StorageClass, allowing authorized users to potentially leak information from unprotected endpoin...
CVE-2025-65027 RomM Chained XSS and CSRF Vulnerabilities Enable Admin Account Takeover
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the...
CVE-2025-65027
RomM (ROM Manager) is affected by multiple unrestricted file upload flaws that allow authenticated users to upload malicious SVG/HTML files. When accessed, the embedded JavaScript enables stored XSS, and, due to a CSRF misconfiguration, can lead to full administrative account takeover (rogue admi...
DRUPAL-CONTRIB-2025-120
This module enables you to apply time-based login restrictions and display related warning or logout confirmation pages. The module doesn't sufficiently protect its confirmation routes from cross-site request forgery CSRF, allowing the logout confirmation route to be triggered without user...
CVE-2025-20388
CVE-2025-20388 affects Splunk Enterprise and Splunk Cloud Platform. A user with a role that has the high-privilege capability change_authentication could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment. Affected v...
WordPress Chartify plugin <= 3.6.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Doan Dinh Van in WordPress Plugin Chartify versions = 3.6.3...
RockyLinux 8 : idm:DL1 (RLSA-2025:21140)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21140 advisory. python-kdcproxy: Unauthenticated SSRF via Realm?Controlled DNS SRV CVE-2025-59088 python-kdcproxy: Remote DoS via unbounded TCP upstream buffering...
CVE-2025-13871
Cross-Site Request Forgery CSRF in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without authentication...
CVE-2025-13871
Cross-Site Request Forgery CSRF in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without authentication...