
56006 matches found

CNNVD
added 2025/11/21 12:0 a.m., 3 views

WordPress plugin Seriously Simple Podcasting security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A security...

4.3 CVSS, 6.6 AI score, 0.00102 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/11/20 9:37 p.m., 8 views

CVE-2025-12359

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'getimagesizebyurl' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...

5.4 CVSS, 5.7 AI score, 0.00208 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/11/20 8:8 a.m., 3 views

CVE-2025-62346 HCL Glovius Cloud is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user's web browser to execute an unwanted, malicious action on a trusted site where the user is authenticated, specifically on one endpoint...

6.8 CVSS, 6.5 AI score, 0.00097 EPSS
Exploits 0, References 1

RedHat Linux
added 2025/11/20 5:58 a.m., 4 views

Important: Red Hat Security Advisory: python-kdcproxy security update

An update for python-kdcproxy is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...

8.6 CVSS, 5.8 AI score, 0.00453 EPSS
Exploits 0, References 3

CNVD
added 2025/11/20 12:0 a.m., 3 views

Student Record System manage-students.php Component Cross-Site Request Forgery Vulnerability

Student Record System is a software application. Student Record System suffers from a cross-site request forgery vulnerability that stems from the manage-students.php component not adequately verifying that a request is from a trusted user, which could be exploited by an attacker to cause...

7.5 CVSS, 6.8 AI score, 0.002 EPSS
Exploits 2, References 1

CNVD
added 2025/11/20 12:0 a.m., 5 views

WordPress Icon List Block plugin server-side request forgery vulnerability

WordPress Icon List Block plugin is a plugin designed for WordPress to insert custom icon lists in the block editor Gutenberg. The WordPress Icon List Block plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function failing to implement an adequate...

6.4 CVSS, 6.5 AI score, 0.00162 EPSS
Exploits 0, References 1

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 3: mod_http2 (TSSA-2022:0259)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0259 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.2 CVSS, 7.5 AI score, 0.82295 EPSS
Exploits 1, References 3

Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 3: httpd:2.4 (TSSA-2024:0763)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0763 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

9.8 CVSS, 7.4 AI score, 0.41611 EPSS
Exploits 0, References 2

OSV
added 2025/11/19 9:15 p.m., 4 views

CVE-2025-13147

Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer. This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4...

5.3 CVSS, 5.8 AI score, 0.00233 EPSS
Exploits 0, References 3

Cvelist
added 2025/11/19 8:45 p.m., 9 views

CVE-2025-13147 External Service Interaction (DNS)

Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer. This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4...

5.3 CVSS, 0.00233 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/11/19 2:10 p.m., 7 views

CVE-2025-12376

The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fsapirequest function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

6.4 CVSS, 5.8 AI score, 0.00162 EPSS
Exploits 0, References 1

RedHat Linux
added 2025/11/19 8:16 a.m., 3 views

python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

8.6 CVSS, 5.9 AI score, 0.00397 EPSS
Exploits 0, References 5

Positive Technologies
added 2025/11/19 12:0 a.m., 10 views

PT-2025-47442

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces (wp_rest) to unauthenticated users via the 'wp_ajax_nopriv_rest-nonce' action. While the plugi...

5.3 CVSS, 6.2 AI score, 0.00181 EPSS
Exploits 0, References 5

OSV
added 2025/11/18 7:15 p.m., 4 views

CVE-2025-63955

A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of...

7.5 CVSS, 5.7 AI score, 0.002 EPSS
Exploits 2, References 2

EUVD
added 2025/11/18 3:30 p.m., 4 views

EUVD-2025-198002

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account. The vendor was notified early about this...

6.8 CVSS, 6.4 AI score, 0.0015 EPSS
Exploits 0, References 3

NVD
added 2025/11/18 3:16 p.m., 7 views

CVE-2025-12376

The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fsapirequest function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

6.4 CVSS, 0.00162 EPSS
Exploits 0, References 2

Cvelist
added 2025/11/18 1:54 p.m., 8 views

CVE-2025-12376 Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery

The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fsapirequest function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

6.4 CVSS, 0.00162 EPSS
Exploits 0, References 2

Cvelist
added 2025/11/18 1:26 p.m., 9 views

CVE-2025-59110 Cross-Site Request Forgery in Windu CMS

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account. Only version 4.1 was tested and confirme...

6.8 CVSS, 0.0015 EPSS
Exploits 0, References 2

EUVD
added 2025/11/18 12:30 p.m., 4 views

EUVD-2025-197980

The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via the wpmdbflush AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

5.8 CVSS, 5.5 AI score, 0.00404 EPSS
Exploits 0, References 4

Cvelist
added 2025/11/18 12:29 p.m., 4 views

CVE-2025-8084 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

6.8 CVSS, 0.00368 EPSS
Exploits 0, References 3