CVE-2025-64327 ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint
ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery (SSRF) vulnerability in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...
CVE-2025-63551
A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
EUVD-2025-38048
Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery. This issue affects Contest Gallery: from n/a through <= 28.0.0...
CVE-2025-53316
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS. This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0...
CVE-2025-53316 WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS. This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0...
CVE-2025-48085 WordPress Simple Stripe plugin <= 0.9.17 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS. This issue affects Simple Stripe: from n/a through <= 0.9.17...
CVE-2025-48085
CVE-2025-48085 is a CSRF-related vulnerability reported in the WordPress plugin Simple Stripe (versions up to and including 0.9.17). The connected documents specify that a CSRF flaw can lead to a Stored XSS condition within Simple Stripe. The issue affects the WordPress Simple Stripe plugin as re...
EUVD-2025-38022
Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS. This issue affects wpNamedUsers: from n/a through <= 0.5...
CVE-2025-48083 WordPress wpNamedUsers plugin <= 0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS. This issue affects wpNamedUsers: from n/a through <= 0.5...
CVE-2025-31029
CVE-2025-31029: WordPress plugin replyMail <= 1.2.0 contains a Cross-Site Request Forgery (CSRF) vulnerability. Affected software is the replyMail WordPress plugin up to version 1.2.0. Current records indicate this entry is Unpatched; no remediation patch is documented in the provided sources....
Security Bulletin: Due to use of QOS.CH logback, IBM Cloud Pak System is affected by server-side request forgery and arbitrary code execution
Summary: Due to use of QOS.CH logback, IBM Cloud Pak System is affected by server-side request forgery and arbitrary code execution (CVE-2024-12801, CVE-2024-12798). Vulnerability Details: CVEID: CVE-2024-12801. DESCRIPTION: Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version...
CVE-2025-12560
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we...
CVE-2025-10691
The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the showeditsubpage function. This makes it possible for unauthenticated attackers to delete arbitrary...
PT-2025-45380
Name of the Vulnerable Software and Affected Versions: ThinkDashboard versions 0.6.7 and below. Description: ThinkDashboard, a self-hosted bookmark dashboard built with Go and vanilla JavaScript, contains a Blind Server-Side Request Forgery (SSRF) issue. The vulnerability exists in the /api/ping?url=...
PT-2025-45172
Name of the Vulnerable Software and Affected Versions: Easy Email Subscription plugin for WordPress versions up to and including 1.3. Description: The Easy Email Subscription plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of, or incorrect, nonce validatio...
PT-2025-45200
Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS. This issue affects Simple Stripe: from n/a through <= 0.9.17...
WordPress plugin Contest Gallery security vulnerability
WordPress Contest Gallery plugin is a tool for creating and managing online contest galleries that supports uploading, voting and displaying features for images, videos, audios and many other file types. WordPress Contest Gallery plugin suffers from a cross-site request forgery vulnerability that...
PT-2025-45198
Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS. This issue affects Slick Google Map: from n/a through <= 0.3...