56012 matches found

OSV
added 2025/11/06 9:07 p.m., 6 views

CVE-2025-64327 ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery (SSRF) vulnerability in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00295
Exploits: 1, References: 5
NVD
added 2025/11/06 7:15 p.m., 4 views

CVE-2025-63551

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

CVSS: 7.5, EPSS: 0.00421
Exploits: 1, References: 2
EUVD
added 2025/11/06 6:32 p.m., 3 views

EUVD-2025-38048

Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery. This issue affects Contest Gallery: from n/a through <= 28.0.0...

CVSS: 4.3, AI score: 6.3, EPSS: 0.00101
Exploits: 0, References: 2
NVD
added 2025/11/06 4:15 p.m., 2 views

CVE-2025-53316

Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS. This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0...

CVSS: 7.1, EPSS: 0.00103
Exploits: 0, References: 1
Cvelist
added 2025/11/06 3:54 p.m., 8 views

CVE-2025-53316 WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS. This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0...

CVSS: 7.1, EPSS: 0.00103
Exploits: 0, References: 1
Vulnrichment
added 2025/11/06 3:54 p.m., 2 views

CVE-2025-53316 WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS. This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0...

CVSS: 7.1, AI score: 6.2, EPSS: 0.00103
Exploits: 0, References: 1
Cvelist
added 2025/11/06 3:53 p.m., 9 views

CVE-2025-48085 WordPress Simple Stripe plugin <= 0.9.17 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS. This issue affects Simple Stripe: from n/a through <= 0.9.17...

CVSS: 7.1, EPSS: 0.00103
Exploits: 0, References: 1
CVE
added 2025/11/06 3:53 p.m., 19 views

CVE-2025-48085

CVE-2025-48085 is a CSRF-related vulnerability reported in the WordPress plugin Simple Stripe (versions up to and including 0.9.17). The connected documents specify that a CSRF flaw can lead to a Stored XSS condition within Simple Stripe. The issue affects the WordPress Simple Stripe plugin as re...

CVSS: 7.1, AI score: 6.3, EPSS: 0.00103
Exploits: 0, References: 1
EUVD
added 2025/11/06 3:53 p.m., 5 views

EUVD-2025-38022

Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS. This issue affects wpNamedUsers: from n/a through <= 0.5...

AI score: 6.1, EPSS: 0.00103
Exploits: 0, References: 2
Cvelist
added 2025/11/06 3:53 p.m., 12 views

CVE-2025-48083 WordPress wpNamedUsers plugin <= 0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS. This issue affects wpNamedUsers: from n/a through <= 0.5...

CVSS: 7.1, EPSS: 0.00103
Exploits: 0, References: 1
CVE
added 2025/11/06 3:53 p.m., 8 views

CVE-2025-31029

CVE-2025-31029: WordPress plugin replyMail <= 1.2.0 contains a Cross-Site Request Forgery (CSRF) vulnerability. Affected software is the replyMail WordPress plugin up to version 1.2.0. Current records indicate this entry is Unpatched; no remediation patch is documented in the provided sources....

CVSS: 7.1, AI score: 5.6, EPSS: 0.00191
Exploits: 0, References: 1
IBM Security Bulletins
added 2025/11/06 7:11 a.m., 7 views

Security Bulletin: Due to use of QOS.CH logback, IBM Cloud Pak System is affected by server-side request forgery and arbitrary code execution

Summary: Due to use of QOS.CH logback, IBM Cloud Pak System is affected by server-side request forgery and arbitrary code execution (CVE-2024-12801, CVE-2024-12798). Vulnerability Details: CVEID: CVE-2024-12801. DESCRIPTION: Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version...

CVSS: 5.9, AI score: 8.1, EPSS: 0.00404
Exploits: 0, Affected Software: 3
NVD
added 2025/11/06 6:15 a.m., 5 views

CVE-2025-12560

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we...

CVSS: 4.3, EPSS: 0.00177
Exploits: 0, References: 2
NVD
added 2025/11/06 4:15 a.m., 7 views

CVE-2025-10691

The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the showeditsubpage function. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS: 4.3, EPSS: 0.00108
Exploits: 0, References: 2
Positive Technologies
added 2025/11/06 12:00 a.m., 6 views

PT-2025-45380

Name of the Vulnerable Software and Affected Versions: ThinkDashboard versions 0.6.7 and below. Description: ThinkDashboard, a self-hosted bookmark dashboard built with Go and vanilla JavaScript, contains a Blind Server-Side Request Forgery (SSRF) issue. The vulnerability exists in the /api/ping?url=...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00295
Exploits: 1, References: 6
Vulnrichment
added 2025/11/06 12:00 a.m., 10 views

CVE-2025-63551

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

AI score: 6.6, EPSS: 0.00421
Exploits: 1, References: 2
Positive Technologies
added 2025/11/06 12:00 a.m., 8 views

PT-2025-45172

Name of the Vulnerable Software and Affected Versions: Easy Email Subscription plugin for WordPress versions up to and including 1.3. Description: The Easy Email Subscription plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of, or incorrect, nonce validatio...

CVSS: 4.3, AI score: 6, EPSS: 0.00108
Exploits: 0, References: 4
Positive Technologies
added 2025/11/06 12:00 a.m., 6 views

PT-2025-45200

Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS. This issue affects Simple Stripe: from n/a through <= 0.9.17...

AI score: 6.6, EPSS: 0.00103
Exploits: 0, References: 2
CNNVD
added 2025/11/06 12:00 a.m., 3 views

WordPress plugin Contest Gallery security vulnerability

WordPress Contest Gallery plugin is a tool for creating and managing online contest galleries that supports uploading, voting and displaying features for images, videos, audios and many other file types. WordPress Contest Gallery plugin suffers from a cross-site request forgery vulnerability that...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00101
Exploits: 0, References: 1
Positive Technologies
added 2025/11/06 12:00 a.m., 5 views

PT-2025-45198

Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS. This issue affects Slick Google Map: from n/a through <= 0.3...

AI score: 6.6, EPSS: 0.00103
Exploits: 0, References: 2