56012 matches found

Cvelist
added 2025/11/25 7:28 a.m., 5 views

CVE-2025-12586 Conditional Maintenance Mode for WordPress <= 1.0.0 - Cross-Site Request Forgery

The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation when toggling the maintenance mode status. This makes it possible for unauthenticated attackers to...

CVSS: 4.3, EPSS: 0.00141
Exploits: 0, References: 3
OSV
added 2025/11/25 5:16 a.m., 3 views

CVE-2025-62497

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00094
Exploits: 0, References: 2
Cvelist
added 2025/11/25 4:37 a.m., 7 views

CVE-2025-62497

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed...

CVSS: 3.1, EPSS: 0.00094
Exploits: 0, References: 2
Snyk
added 2025/11/25 12:4 a.m., 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the bypass method. An attacker can access internal network resources by leveraging a 302 redirect to bypass existing security restrictions. PoC (python): from flask import Flask, redirect app = Flasknam...

CVSS: 8.5, AI score: 6.6, EPSS: 0.00259
Exploits: 0, References: 2
Positive Technologies
added 2025/11/25 12:0 a.m., 5 views

PT-2025-48000

The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the website management pages. This makes it possible for unauthenticated attackers to add, modify, or delete website configuratio...

CVSS: 4.3, AI score: 5.5, EPSS: 0.00129
Exploits: 0, References: 4
Positive Technologies
added 2025/11/25 12:0 a.m., 7 views

PT-2025-47999

The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation when toggling the maintenance mode status. This makes it possible for unauthenticated attackers to...

CVSS: 4.3, AI score: 5.4, EPSS: 0.00141
Exploits: 0, References: 3
EUVD
added 2025/11/24 11:56 p.m., 4 views

EUVD-2025-198983

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...

CVSS: 8.5, AI score: 6.3, EPSS: 0.00259
Exploits: 0, References: 3
Cvelist
added 2025/11/24 11:56 p.m., 10 views

CVE-2025-62155 QuantumNous New API Has SSRF Bypass

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...

CVSS: 8.5, EPSS: 0.00259
Exploits: 0, References: 1
CVE
added 2025/11/24 11:56 p.m., 16 views

CVE-2025-62155

The CVE-2025-62155 entry concerns QuantumNous/new-api. An SSRF vulnerability existed prior to version 0.9.6 where the fix only protected the first URL request; an attacker could bypass it via a 302 redirect and reach internal/intranet resources. The issue has been addressed in version 0.9.6, accordin...

CVSS: 8.5, AI score: 6.5, EPSS: 0.00259
Exploits: 0, References: 1
NVD
added 2025/11/24 8:15 p.m., 5 views

CVE-2025-56400

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, which affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...

CVSS: 8.8, EPSS: 0.00137
Exploits: 0, References: 2
OSV
added 2025/11/24 5:16 p.m., 1 view

CVE-2025-63953

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00138
Exploits: 1, References: 2
Patchstack
added 2025/11/23 12:24 p.m., 5 views

WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by mcdruid in WordPress Plugin External Media versions <= 1.0.36...

CVSS: 4.9, AI score: 7.1, EPSS: 0.00119
Exploits: 0, Affected software: 1
Positive Technologies
added 2025/11/23 12:0 a.m., 4 views

PT-2025-47865

Name of the vulnerable software and affected versions: WP Shortcodes Plugin – Shortcodes Ultimate versions prior to 7.4.6. Description: The Shortcodes Ultimate plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF). This allows authenticated attackers with Administrator-level access...

CVSS: 6.4, AI score: 6.1, EPSS: 0.00162
Exploits: 0, References: 6
Tenable Nessus
added 2025/11/22 12:0 a.m., 4 views

RHEL 8 : idm:DL1 (RHSA-2025:21819)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21819 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...

CVSS: 8.6, AI score: 5.8, EPSS: 0.00453
Exploits: 0, References: 6
OSV
added 2025/11/21 9:49 p.m., 10 views

CVE-2025-65107 Langfuse SSO Account Takeover via CSRF or phishing attack

Langfuse is an open source large language model engineering platform. In versions from 2.95.0 to before 2.95.12 and from 3.17.0 to before 3.131.0, in SSO provider configurations without an explicit AUTHCHECK setting, a potential account takeover may happen if an authenticated user is made to call...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00133
Exploits: 0, References: 3
EUVD
added 2025/11/21 8:29 p.m., 5 views

EUVD-2025-198511

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. This is due to missing nonce validation and missing file type validation in the '/custom-font-code/custom-fonts-uploads.php' file. This makes it possib...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00211
Exploits: 0, References: 3
RedhatCVE
added 2025/11/21 7:37 p.m., 5 views

CVE-2025-63408

Local Agent DVR versions through 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side request forgery (SSRF), or execute OS commands...

CVSS: 7.8, AI score: 7.1, EPSS: 0.00346
Exploits: 1, References: 1
Rockylinux
added 2025/11/21 6:19 p.m., 3 views

python-kdcproxy security update

An update is available for python-kdcproxy. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming...

CVSS: 8.6, AI score: 7, EPSS: 0.00453
Exploits: 0
CVE
added 2025/11/21 12:29 p.m., 11 views

CVE-2025-66064

CVE-2025-66064 : WordPress plugin Giveaways and Contests by RafflePress (versions = 1.12.20 or as indicated by the vendor) or apply vendor-provided mitigation per the connected docs. Monitor for additional updates from Red Hat/ENISA/CVE listings as referenced.

CVSS: 4.3, AI score: 6.5, EPSS: 0.00111
Exploits: 0, References: 1
EUVD
added 2025/11/21 12:29 p.m., 3 views

EUVD-2025-198480

Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting (seriously-simple-podcasting) allows Cross Site Request Forgery. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0...

CVSS: 4.3, AI score: 6.3, EPSS: 0.00102
Exploits: 0, References: 2