Lucene search
K

56004 matches found

EUVD
EUVD
added 2025/11/27 12:30 p.m.7 views

EUVD-2025-199811

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ayschatgptpineconeupsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary...

6.5CVSS5.4AI score0.00249EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/11/27 11:30 a.m.9 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability

Unauthenticated Server-Side Request Forgery via 'pineconeurl' Parameter vulnerability discovered by blue0x1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.0...

6.5CVSS7.1AI score0.00249EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/11/27 9:27 a.m.24 views

CVE-2025-13378

CVE-2025-13378 affects the WordPress plugin AI ChatBot with ChatGPT and Content Generator by AYS. Versions

6.5CVSS5.5AI score0.00249EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/27 9:27 a.m.11 views

CVE-2025-13378 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ayschatgptpineconeupsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary...

6.5CVSS0.00249EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/27 9:27 a.m.2 views

CVE-2025-13378 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ayschatgptpineconeupsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary...

6.5CVSS5.5AI score0.00249EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/11/26 11:18 p.m.11 views

Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client

The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery XSRF token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol...

7.7CVSS6.9AI score0.00572EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2025/11/26 11:15 p.m.2 views

UBUNTU-CVE-2025-66035

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

7.7CVSS6.5AI score0.00572EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2025/11/26 10:18 p.m.5 views

CVE-2025-66035

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

7.7CVSS5.9AI score0.00572EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.7 views

PT-2025-48196

Name of the Vulnerable Software and Affected Versions Angular versions prior to 19.2.16 Angular versions prior to 20.3.14 Angular versions prior to 21.0.1 Description Angular’s HttpClient has a built-in Cross-Site Request Forgery XSRF protection mechanism. When handling requests with...

7.7CVSS6.5AI score0.00572EPSS
Exploits0References28
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.2 views

PT-2025-48328

CVE-2025-66232 - Apache Struts Cross-Site Request Forgery CVE ID : CVE-2025-66232 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.9AI score
Exploits0References1
NVD
NVD
added 2025/11/25 4:16 p.m.7 views

CVE-2025-60739

Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...

9.6CVSS0.00276EPSS
Exploits4References1
OSV
OSV
added 2025/11/25 4:16 p.m.3 views

CVE-2025-60739

Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...

9.6CVSS6.2AI score0.00276EPSS
Exploits4References1
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.5 views

CVE-2025-12586 Conditional Maintenance Mode for WordPress <= 1.0.0 - Cross-Site Request Forgery

The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation when toggling the maintenance mode status. This makes it possible for unauthenticated attackers to...

4.3CVSS0.00141EPSS
Exploits0References3
OSV
OSV
added 2025/11/25 5:16 a.m.3 views

CVE-2025-62497

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed...

6.5CVSS5.7AI score0.00094EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/25 4:37 a.m.7 views

CVE-2025-62497

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed...

3.1CVSS0.00094EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/25 12:4 a.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the bypass method. An attacker can access internal network resources by leveraging a 302 redirect to bypass existing security restrictions. PoC python from flask import Flask, redirect app = Flasknam...

8.5CVSS6.6AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.5 views

PT-2025-48000

The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the website management pages. This makes it possible for unauthenticated attackers to add, modify, or delete website configuratio...

4.3CVSS5.5AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.7 views

PT-2025-47999

The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation when toggling the maintenance mode status. This makes it possible for unauthenticated attackers to...

4.3CVSS5.4AI score0.00141EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/24 11:56 p.m.4 views

EUVD-2025-198983

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...

8.5CVSS6.3AI score0.00259EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/24 11:56 p.m.10 views

CVE-2025-62155 QuantumNous New API Has SSRF Bypass

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...

8.5CVSS0.00259EPSS
Exploits0References1
Rows per page
Query Builder