
56002 matches found

Cvelist
added 2025/12/01 11:51 a.m., 8 views

CVE-2025-13296 CSRF in Tekrom Technology's T-Soft E-Commerce

Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery. This issue affects T-Soft E-Commerce: through 28112025...

CVSS: 5.4, EPSS: 0.00099
Exploits: 0, References: 2
EUVD
added 2025/12/01 11:51 a.m., 3 views

EUVD-2025-199984

Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery. This issue affects T-Soft E-Commerce: through 28112025...

CVSS: 5.4, AI score: 6.4, EPSS: 0.00099
Exploits: 0, References: 2
Vulnrichment
added 2025/12/01 11:51 a.m., 6 views

CVE-2025-13296 CSRF in Tekrom Technology's T-Soft E-Commerce

Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery. This issue affects T-Soft E-Commerce: through 28112025...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00099
Exploits: 0, References: 2
Cvelist
added 2025/12/01 7:32 a.m., 13 views

CVE-2025-13814 moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

CVSS: 7.5, EPSS: 0.00461
Exploits: 1, References: 5
Vulnrichment
added 2025/12/01 7:32 a.m., 5 views

CVE-2025-13814 moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00461
Exploits: 1, References: 5
Vulnrichment
added 2025/12/01 5:32 a.m., 3 views

CVE-2025-13809 orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVSS: 6.5, AI score: 6.1, EPSS: 0.00292
Exploits: 1, References: 5
CNNVD
added 2025/12/01 12:00 a.m., 4 views

Mogu blog code issue vulnerability

Mogu blog is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. A code issue vulnerability exists in Mogu blog v2 5.2 and earlier versions, which originates from a flaw in the function LocalFileServiceImpl.uploadPictureByUrl in the...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00461
Exploits: 1, References: 5
Cvelist
added 2025/12/01 12:00 a.m., 7 views

CVE-2025-65836

PublicCMS V5.202506.b is vulnerable to SSRF in the chat interface of SimpleAiAdminController...

EPSS: 0.00288
Exploits: 1, References: 3
Positive Technologies
added 2025/12/01 12:00 a.m., 4 views

PT-2025-48576

Name of the Vulnerable Software and Affected Versions: Portkey.ai Gateway versions prior to 1.14.0. Description: The Portkey.ai Gateway, a fast AI Gateway with integrated guardrails, is susceptible to Server-Side Request Forgery (SSRF) attacks in versions before 1.14.0. The gateway determines the...

CVSS: 9.8, AI score: 6.5, EPSS: 0.00323
Exploits: 0, References: 11
CNNVD
added 2025/12/01 12:00 a.m., 7 views

PublicCMS security vulnerability

PublicCMS is an open source content management system (CMS) written in Java by PublicCMS, China. A security vulnerability exists in PublicCMS version V5.202506.b, which originates from a server-side request forgery in the SimpleAiAdminController chat interface...

CVSS: 9.1, AI score: 6.8, EPSS: 0.00288
Exploits: 1, References: 4
Cvelist
added 2025/11/30 11:32 p.m., 9 views

CVE-2025-13796 deco-cx apps Parameter analyticsScript.ts AnalyticsScript server-side request forgery

A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery. T...

CVSS: 6.5, EPSS: 0.00279
Exploits: 1, References: 5
CNNVD
added 2025/11/30 12:00 a.m., 3 views

Nature Easy Soft Network Technology ZenTao code issue vulnerability

Nature Easy Soft Network Technology ZenTao is a set of open source project management software from China's Nature Easy Soft Network Technology. The software includes product management, project management, quality management and document management functions. ...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00257
Exploits: 1, References: 7
CVE
added 2025/11/29 2:24 a.m., 12 views

CVE-2025-53897

CVE-2025-53897 affects Kiteworks MFT prior to 9.1.0. A crafted fake page could trick an administrator into visiting it, allowing an external attacker to access log information from the system. The issue is resolved in version 9.1.0. Affected product/version details and remediation are supported b...

CVSS: 6.8, AI score: 6.4, EPSS: 0.00172
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2025/11/28 3:16 p.m., 5 views

CVE-2025-51733

Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00085
Exploits: 0, References: 1
IBM Security Bulletins
added 2025/11/28 11:53 a.m., 6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Open Redirect / Server-Side Request Forgery (SSRF) bypass due to Python

Summary: Python is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime-manager. Vulnerability Details: CVEID: CVE-2025-50182. DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00313
Exploits: 0, Affected Software: 1
RedhatCVE
added 2025/11/28 11:09 a.m., 7 views

CVE-2025-13378

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ayschatgptpineconeupsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00249
Exploits: 0, References: 1
CVE
added 2025/11/28 3:27 a.m., 13 views

CVE-2025-13737

The CVE-2025-13737 entry covers the WordPress plugin Nextend Social Login and Register (WordPress Nextend Facebook Connect) with a Cross-Site Request Forgery (CSRF) vulnerability tracked up to version 3.1.21. The underlying issue is missing or incorrect nonce validation in the unlinkUser function...

CVSS: 4.3, AI score: 4.9, EPSS: 0.00129
Exploits: 0, References: 3
Cvelist
added 2025/11/28 12:00 a.m., 10 views

CVE-2025-51733

Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0...

EPSS: 0.00085
Exploits: 0, References: 1
RedhatCVE
added 2025/11/27 4:59 p.m., 12 views

CVE-2025-62497

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed...

CVSS: 6.5, AI score: 4.3, EPSS: 0.00094
Exploits: 0, References: 1
EUVD
added 2025/11/27 12:30 p.m., 7 views

EUVD-2025-199811

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ayschatgptpineconeupsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary...

CVSS: 6.5, AI score: 5.4, EPSS: 0.00249
Exploits: 0, References: 6