56010 matches found

EUVD
added 2025/11/10 9:34 p.m., 6 views

EUVD-2025-50811

Soft Serve is vulnerable to SSRF through its Webhooks...

CVSS 9.1, AI score 6.4, EPSS 0.00307
Exploits 1, References 4

NVD
added 2025/11/10 3:15 p.m., 8 views

CVE-2025-63711

A Cross-Site Request Forgery CSRF vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user deletion endpoint e.g.,...

CVSS 7.1, EPSS 0.00178
Exploits 1, References 2

Veracode
added 2025/11/10 9:14 a.m., 9 views

Server-Side Request Forgery (SSRF)

cors-anywhere is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to instances being configured as open proxies that forward attacker-controlled target URLs, methods, and headers without restriction, which allows an attacker to induce requests to internal-only endpoints...

CVSS 9.5, AI score 7, EPSS 0.01005
Exploits 0, References 7, Affected Software 1

Vulnrichment
added 2025/11/10 12:00 a.m., 6 views

CVE-2025-63711

A Cross-Site Request Forgery CSRF vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user deletion endpoint e.g.,...

AI score 6.6, EPSS 0.00178
Exploits 1, References 2

CVE
added 2025/11/10 12:00 a.m., 11 views

CVE-2025-63712

SourceCodester Product Expiry Management System’s User Management module (delete-user.php) is affected by a CSRF vulnerability. The endpoint authenticates via session cookies only and lacks CSRF protection, enabling remote attackers to delete arbitrary user accounts through forged cross-origin GE...

CVSS 8.8, AI score 6.7, EPSS 0.00186
Exploits 1, References 2, Affected Software 1

CVE
added 2025/11/07 5:55 p.m., 14 views

CVE-2025-64430

CVE-2025-64430 affects Parse Server: SSRF in the file upload path when using a Parse.File with a uri parameter. Versions affected are 4.2.0–7.5.3 and 8.0.0–8.3.1-alpha.1. The issue arises because the server retrieves file data from the provided URI during upload, but the response is not stored an...

CVSS 7.5, AI score 6.6, EPSS 0.00576
Exploits 0, References 5

Cvelist
added 2025/11/07 5:55 p.m., 10 views

CVE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...

CVSS 7.5, EPSS 0.00576
Exploits 0, References 5

RedhatCVE
added 2025/11/07 5:32 p.m., 7 views

CVE-2025-62950

Cross-Site Request Forgery CSRF vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery. This issue affects Contest Gallery: from n/a through = 28.0.0...

CVSS 4.3, AI score 6.9, EPSS 0.00101
Exploits 0, References 1

RedhatCVE
added 2025/11/07 3:54 p.m., 10 views

CVE-2025-48077

Cross-Site Request Forgery CSRF vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS. This issue affects Block Country: from n/a through = 1.0...

CVSS 7.1, AI score 6.6, EPSS 0.001
Exploits 0, References 1

RedhatCVE
added 2025/11/07 3:54 p.m., 10 views

CVE-2025-48083

Cross-Site Request Forgery CSRF vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS. This issue affects wpNamedUsers: from n/a through = 0.5...

CVSS 7.1, AI score 6.6, EPSS 0.00103
Exploits 0, References 1

RedhatCVE
added 2025/11/07 5:46 a.m., 7 views

CVE-2025-12560

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we...

CVSS 5.3, AI score 5.8, EPSS 0.00177
Exploits 0, References 1

Vulnrichment
added 2025/11/07 2:58 a.m., 4 views

CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

CVSS 10, AI score 6.3, EPSS 0.00293
Exploits 0, References 1

OSV
added 2025/11/07 2:58 a.m., 6 views

CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

CVSS 10, AI score 6.8, EPSS 0.00293
Exploits 0, References 3

CNNVD
added 2025/11/07 12:00 a.m., 3 views

QNAP Systems QuLog Center Cross-Site Request Forgery Vulnerability

QNAP Systems QuLog Center is a report field for QNAP Systems that logs events reported by the system. A cross-site request forgery vulnerability exists in QNAP Systems QuLog Center versions prior to 1.8.2.927, which stems from susceptibility to a cross-site request forgery attack that could resul...

CVSS 8.8, AI score 6.8, EPSS 0.00213
Exploits 0, References 2

Positive Technologies
added 2025/11/07 12:00 a.m., 6 views

PT-2025-45478

Name of the Vulnerable Software and Affected Versions: SourceCodester Leads Manager Tool version 1.0. Description: The application is susceptible to Cross-Site Request Forgery CSRF attacks, enabling unauthorized modification of application state. The application does not implement CSRF protection...

AI score 6.6, EPSS 0.00132
Exploits 1, References 6

EUVD
added 2025/11/06 9:31 p.m., 3 views

EUVD-2025-38155

A Server-Side Request Forgery SSRF in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

AI score 6.3, EPSS 0.00208
Exploits 1, References 3

EUVD
added 2025/11/06 9:07 p.m., 4 views

EUVD-2025-38186

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVSS 5.3, AI score 6.2, EPSS 0.00295
Exploits 1, References 3

Vulnrichment
added 2025/11/06 9:07 p.m., 4 views

CVE-2025-64327 ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVSS 5.3, AI score 6.3, EPSS 0.00295
Exploits 1, References 3

OSV
added 2025/11/06 9:07 p.m., 6 views

CVE-2025-64327 ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVSS 5.3, AI score 6.8, EPSS 0.00295
Exploits 1, References 5

NVD
added 2025/11/06 7:15 p.m., 4 views

CVE-2025-63551

A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

CVSS 7.5, EPSS 0.00421
Exploits 1, References 2
