GO-2025-4111 Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve
Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve...
EUVD-2025-197810
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
CVE-2025-55057
Multiple CWE-352 Cross-Site Request Forgery CSRF...
EUVD-2025-197759
TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...
PT-2025-47181
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: The software is susceptible to Cross-Site Request Forgery (CSRF) attacks. CSRF allows an attacker to induce a user to execute unwanted actions on a web application in which they're currently...
Exploit for CVE-2025-63955
CVE-2025-63955 – Cross-Site Request Forgery CSRF leading t...
CVE-2025-13177 Bdtask/CodeCanyon SalesERP cross-site request forgery
A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but...
CVE-2025-54560
A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure...
CVE-2025-64525
Astro is a web framework. In Astro versions 2.16.0 up to but excluding 5.15.5 which utilize on-demand rendering, the request headers x-forwarded-proto and x-forwarded-port are insecurely used, without sanitization, to build the URL. This has several consequences, the most important of which are:...
BIT-ELK-2025-37734 Kibana Origin Validation Error
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...
OESA-2025-2690 python-Keras security update
Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from th...
SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-22259
This High severity vulnerability known as CVE-2024-22259 was introduced in 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.7.0, 8.7.1, 8.7.2, 8.7.3, 8.7.4, 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.8.5, 8.9.0...
SSRF (Server-Side Request Forgery) Third-Party Dependency in Confluence Data Center and Server - CVE-2023-42282
This is a critical vulnerability in a non-Atlassian Confluence dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This Critical...
CVE-2025-52186
Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...
PT-2025-47001
Name of the Vulnerable Software and Affected Versions: Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System versions up to 20250320. Description: A cross-site request forgery issue exists in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System. The...
Bdtask SalesERP Security Vulnerability
Bdtask SalesERP is a sales enterprise resource planning software from Bdtask Bangladesh. A security vulnerability exists in Bdtask SalesERP 20250728 and prior versions that stems from cross-site request forgery...
Rockwell Automation Studio 5000 Simulation Interface Server-Side Request Forgery Vulnerability
Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...