CVE-2025-13296 CSRF in Tekrom Technology's T-Soft E-Commerce
Cross-Site Request Forgery CSRF vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery. This issue affects T-Soft E-Commerce: through 28112025...
EUVD-2025-199984
Cross-Site Request Forgery CSRF vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery. This issue affects T-Soft E-Commerce: through 28112025...
CVE-2025-13814 moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...
CVE-2025-13809 orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery
A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...
Mogu blog code issue vulnerability
Mogu blog is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. A code issue vulnerability exists in Mogu blog v2 5.2 and earlier versions, which originates from a flaw in the function LocalFileServiceImpl.uploadPictureByUrl in the...
CVE-2025-65836
PublicCMS V5.202506.b is vulnerable to SSRF in the chat interface of SimpleAiAdminController...
PT-2025-48576
Name of the Vulnerable Software and Affected Versions Portkey.ai Gateway versions prior to 1.14.0 Description The Portkey.ai Gateway, a fast AI Gateway with integrated guardrails, is susceptible to Server-Side Request Forgery SSRF attacks in versions before 1.14.0. The gateway determines the...
PublicCMS security vulnerability
PublicCMS is an open source content management system CMS written in Java language by PublicCMS China. A security vulnerability exists in PublicCMS version V5.202506.b, which originates from a server-side request forgery in the SimpleAiAdminController chat interface...
CVE-2025-13796 deco-cx apps Parameter analyticsScript.ts AnalyticsScript server-side request forgery
A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery. T...
Nature Easy Soft Network Technology ZenTao code issue vulnerability
Nature Easy Soft Network Technology ZenTao is a set of open source project management software from China's Nature Easy Soft Network Technology. The software includes product management, project management, quality management and document management functions. ...
CVE-2025-53897
CVE-2025-53897 affects Kiteworks MFT prior to 9.1.0. A crafted fake page could trick an administrator into visiting it, allowing an external attacker to access log information from the system. The issue is resolved in version 9.1.0. Affected product/version details and remediation are supported b...
CVE-2025-51733
Cross-Site Request Forgery CSRF vulnerability in HCL Technologies Ltd. Unica 12.0.0...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Open Redirect / Server-Side Request Forgery (SSRF) bypass due to Python
Summary Python is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime-manager Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control...
CVE-2025-13378
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ayschatgptpineconeupsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary...
CVE-2025-13737
The CVE-2025-13737 entry covers the WordPress plugin Nextend Social Login and Register (WordPress Nextend Facebook Connect) with a Cross-Site Request Forgery (CSRF) vulnerability tracked up to version 3.1.21. The underlying issue is missing or incorrect nonce validation in the unlinkUser function...
CVE-2025-62497
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed...
EUVD-2025-199811
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ayschatgptpineconeupsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary...