56009 matches found

OSV
added 2025/11/17 7:11 p.m. (7 views)

GO-2025-4111 Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve

Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve...

CVSS 9.1 | AI score 6.9 | EPSS 0.00307
Exploits 1 | References 4
EUVD
added 2025/11/17 6:30 p.m. (6 views)

EUVD-2025-197810

PDFPatcher through 1.1.3.4663: the executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...

CVSS 7.1 | AI score 6.6 | EPSS 0.00338
Exploits 1 | References 4
NVD
added 2025/11/17 6:15 p.m. (6 views)

CVE-2025-55057

Multiple CWE-352 Cross-Site Request Forgery (CSRF)...

CVSS 8.8 | EPSS 0.00129
Exploits 0 | References 1
Cvelist
added 2025/11/17 5:31 p.m. (7 views)

CVE-2025-55057

Multiple CWE-352 Cross-Site Request Forgery (CSRF)...

CVSS 4.5 | EPSS 0.00129
Exploits 0 | References 1
EUVD
added 2025/11/17 3:30 a.m. (3 views)

EUVD-2025-197759

TenderDocTransfer, developed by Chunghwa Telecom, has an Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

CVSS 7.1 | AI score 6.4 | EPSS 0.00203
Exploits 0 | References 3
Positive Technologies
added 2025/11/17 12:00 a.m. (5 views)

PT-2025-47181

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: The software is susceptible to Cross-Site Request Forgery (CSRF) attacks. CSRF allows an attacker to induce a user to execute unwanted actions on a web application in which they're currently...

CVSS 4.5 | AI score 6.7 | EPSS 0.00129
Exploits 0 | References 4
GithubExploit
added 2025/11/15 3:25 p.m. (138 views)

Exploit for CVE-2025-63955

CVE-2025-63955 – Cross-Site Request Forgery (CSRF) leading t...

CVSS 7.5 | AI score 6.6 | EPSS 0.002
Exploits 2
Vulnrichment
added 2025/11/14 7:02 p.m. (5 views)

CVE-2025-13177 Bdtask/CodeCanyon SalesERP cross-site request forgery

A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but...

CVSS 5.3 | AI score 4.6 | EPSS 0.00209
Exploits 1 | References 4
NVD
added 2025/11/14 6:15 p.m. (5 views)

CVE-2025-54560

A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2, which allows probing of internal infrastructure...

CVSS 3.8 | EPSS 0.00165
Exploits 0 | References 2
OSV
added 2025/11/14 6:15 p.m. (6 views)

CVE-2025-54560

A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2, which allows probing of internal infrastructure...

CVSS 3.8 | AI score 5.7 | EPSS 0.00165
Exploits 0 | References 2
RedhatCVE
added 2025/11/14 4:05 p.m. (6 views)

CVE-2025-64525

Astro is a web framework. In Astro versions 2.16.0 up to but excluding 5.15.5 which utilize on-demand rendering, the request headers x-forwarded-proto and x-forwarded-port are insecurely used, without sanitization, to build the URL. This has several consequences, the most important of which are:...

CVSS 6.5 | AI score 6.9 | EPSS 0.01088
Exploits 1 | References 1
OSV
added 2025/11/14 2:38 p.m. (10 views)

BIT-ELK-2025-37734 Kibana Origin Validation Error

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...

CVSS 4.3 | AI score 6.8 | EPSS 0.00197
Exploits 0 | References 2
OSV
added 2025/11/14 12:39 p.m. (5 views)

OESA-2025-2690 python-Keras security update

Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from th...

CVSS 5.9 | AI score 6.5 | EPSS 0.00239
Exploits 0 | References 2
Atlassian
added 2025/11/14 6:28 a.m. (16 views)

SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-22259

This High severity vulnerability known as CVE-2024-22259 was introduced in 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.7.0, 8.7.1, 8.7.2, 8.7.3, 8.7.4, 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.8.5, 8.9.0...

CVSS 8.1 | AI score 6.8 | EPSS 0.02573
Exploits 1
Atlassian
added 2025/11/14 6:28 a.m. (16 views)

SSRF (Server-Side Request Forgery) Third-Party Dependency in Confluence Data Center and Server - CVE-2023-42282

This is a critical vulnerability in a non-Atlassian Confluence dependency. However, Atlassian's application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This Critical...

CVSS 9.8 | AI score 7 | EPSS 0.01613
Exploits 1
RedhatCVE
added 2025/11/14 12:01 a.m. (6 views)

CVE-2025-52186

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

CVSS 6.5 | AI score 7.1 | EPSS 0.0028
Exploits 1 | References 1
Positive Technologies
added 2025/11/14 12:00 a.m. (6 views)

PT-2025-47001

Name of the Vulnerable Software and Affected Versions: Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System versions up to 20250320. Description: A cross-site request forgery issue exists in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System. The...

CVSS 6.5 | AI score 4.4 | EPSS 0.00189
Exploits 1 | References 9
Cvelist
added 2025/11/14 12:00 a.m. (5 views)

CVE-2025-54560

A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2, which allows probing of internal infrastructure...

EPSS 0.00165
Exploits 0 | References 2
CNNVD
added 2025/11/14 12:00 a.m. (2 views)

Bdtask SalesERP Security Vulnerability

Bdtask SalesERP is a sales enterprise resource planning software from Bdtask (Bangladesh). A security vulnerability exists in Bdtask SalesERP 20250728 and prior versions that stems from cross-site request forgery...

CVSS 8.8 | AI score 4.9 | EPSS 0.00209
Exploits 1 | References 5
CNVD
added 2025/11/14 12:00 a.m. (2 views)

Rockwell Automation Studio 5000 Simulation Interface Server-Side Request Forgery Vulnerability

Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...

CVSS 8.9 | AI score 5.9 | EPSS 0.00153
Exploits 0 | References 1