Lucene search
K

56012 matches found

Vulnrichment
Vulnrichment
added 2025/11/06 12:0 a.m.2 views

CVE-2025-60541

A Server-Side Request Forgery SSRF in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

6.4AI score0.00208EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.5 views

PT-2025-45351

Name of the Vulnerable Software and Affected Versions linshenkx prompt-optimizer versions 1.3.0 through 1.4.2 Description A Server-Side Request Forgery SSRF exists in the /api/proxy/ component. This allows attackers to scan internal resources by sending a specially crafted request. The api/proxy...

7.3CVSS6.6AI score0.00208EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/11/05 11:52 p.m.2 views

CVE-2025-64163 DataEase's DB2 is vulnerable to SSRF

DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...

9.3CVSS6.3AI score0.00964EPSS
Exploits1References3
EUVD
EUVD
added 2025/11/05 11:52 p.m.4 views

EUVD-2025-37958

DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...

9.3CVSS6.2AI score0.00964EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/11/05 11:52 p.m.7 views

CVE-2025-64163 DataEase's DB2 is vulnerable to SSRF

DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...

9.3CVSS0.00964EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/05 10:4 p.m.9 views

CVE-2025-62719

LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...

4.3CVSS6.6AI score0.00278EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/11/05 1:12 p.m.268 views

Exploit for Server-Side Request Forgery in Jetbrains Teamcity

TeamCity IntelliJ IDEA Plugin credential interception CVE-20...

7.5CVSS7AI score0.0134EPSS
Exploits1
Cvelist
Cvelist
added 2025/11/05 6:35 a.m.5 views

CVE-2025-12388 B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery

The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wpremoterequest function. This makes it...

6.4CVSS0.00192EPSS
Exploits0References3
CVE
CVE
added 2025/11/05 6:35 a.m.13 views

CVE-2025-12388

The CVE-2025-12388 entry concerns the WordPress plugin “B Carousel Block – Responsive Image and Content Carousel” (versions up to and including 1.1.5). The connected sources corroborate a Server-Side Request Forgery (SSRF) vulnerability caused by failure to validate user-supplied URLs before pass...

6.4CVSS5.3AI score0.00192EPSS
Exploits0References3
CVE
CVE
added 2025/11/05 6:34 a.m.11 views

CVE-2025-11917

The CVE-2025-11917 entry concerns the WordPress WPeMatico RSS Feed Fetcher plugin. A Server-Side Request Forgery (SSRF) flaw exists in versions up to and including 2.8.11, exploitable via the wpematico_test_feed() function. Authenticated attackers with Subscriber-level access or higher can cause ...

6.4CVSS5.4AI score0.00199EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/05 5:8 a.m.6 views

CVE-2025-12403

The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on the brzonadminpanel function. This makes it possible for unauthenticated attackers to update settings an...

6.1CVSS5.3AI score0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/05 5:8 a.m.5 views

CVE-2025-12400

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS5.3AI score0.00127EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.4 views

WordPress plugin B Carousel Block – Responsive Image and Content Carousel 代码问题漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin B...

6.4CVSS6.7AI score0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.5 views

PT-2025-45382

Name of the Vulnerable Software and Affected Versions Parse Server versions 4.2.0 through 7.5.3 Parse Server versions 8.0.0 through 8.3.1-alpha.1 Description Parse Server is an open source backend deployable on Node.js infrastructures. A Server-Side Request Forgery SSRF exists in the file upload...

7.5CVSS6.9AI score0.00576EPSS
Exploits0References17
NVD
NVD
added 2025/11/04 10:16 p.m.5 views

CVE-2025-62719

LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...

4.3CVSS0.00278EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/11/04 9:57 p.m.11 views

CVE-2025-62719 LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality

LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...

2.3CVSS0.00278EPSS
Exploits1References3
Snyk
Snyk
added 2025/11/04 2:30 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the url parameter in the /api/images/cache endpoint. An attacker can cause the server to download arbitrary content by supplying a crafted URL. This is only exploitable if the attacker is an...

8.9CVSS6.6AI score0.00264EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/11/04 5:21 a.m.11 views

WordPress LMB^Box Smileys plugin <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin LMB^Box Smileys versions = 3.2...

6.1CVSS5.6AI score0.00127EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/11/04 5:16 a.m.10 views

CVE-2025-12456

The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to modify plugin's settings via a forged reques...

6.1CVSS0.00127EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/04 4:27 a.m.9 views

CVE-2025-12402 LinkedIn Resume <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LinkedIn Resume plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.00. This is due to missing or incorrect nonce validation on the linkedinresumeprintAdminPage function. This makes it possible for unauthenticated attackers to update settin...

6.1CVSS0.00127EPSS
Exploits0References4
Rows per page
Query Builder