56012 matches found
CVE-2025-60541
A Server-Side Request Forgery SSRF in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...
PT-2025-45351
Name of the Vulnerable Software and Affected Versions linshenkx prompt-optimizer versions 1.3.0 through 1.4.2 Description A Server-Side Request Forgery SSRF exists in the /api/proxy/ component. This allows attackers to scan internal resources by sending a specially crafted request. The api/proxy...
CVE-2025-64163 DataEase's DB2 is vulnerable to SSRF
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...
EUVD-2025-37958
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...
CVE-2025-64163 DataEase's DB2 is vulnerable to SSRF
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...
CVE-2025-62719
LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...
Exploit for Server-Side Request Forgery in Jetbrains Teamcity
TeamCity IntelliJ IDEA Plugin credential interception CVE-20...
CVE-2025-12388 B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery
The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wpremoterequest function. This makes it...
CVE-2025-12388
The CVE-2025-12388 entry concerns the WordPress plugin “B Carousel Block – Responsive Image and Content Carousel” (versions up to and including 1.1.5). The connected sources corroborate a Server-Side Request Forgery (SSRF) vulnerability caused by failure to validate user-supplied URLs before pass...
CVE-2025-11917
The CVE-2025-11917 entry concerns the WordPress WPeMatico RSS Feed Fetcher plugin. A Server-Side Request Forgery (SSRF) flaw exists in versions up to and including 2.8.11, exploitable via the wpematico_test_feed() function. Authenticated attackers with Subscriber-level access or higher can cause ...
CVE-2025-12403
The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on the brzonadminpanel function. This makes it possible for unauthenticated attackers to update settings an...
CVE-2025-12400
The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...
WordPress plugin B Carousel Block – Responsive Image and Content Carousel 代码问题漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin B...
PT-2025-45382
Name of the Vulnerable Software and Affected Versions Parse Server versions 4.2.0 through 7.5.3 Parse Server versions 8.0.0 through 8.3.1-alpha.1 Description Parse Server is an open source backend deployable on Node.js infrastructures. A Server-Side Request Forgery SSRF exists in the file upload...
CVE-2025-62719
LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...
CVE-2025-62719 LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality
LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the url parameter in the /api/images/cache endpoint. An attacker can cause the server to download arbitrary content by supplying a crafted URL. This is only exploitable if the attacker is an...
WordPress LMB^Box Smileys plugin <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin LMB^Box Smileys versions = 3.2...
CVE-2025-12456
The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to modify plugin's settings via a forged reques...
CVE-2025-12402 LinkedIn Resume <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The LinkedIn Resume plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.00. This is due to missing or incorrect nonce validation on the linkedinresumeprintAdminPage function. This makes it possible for unauthenticated attackers to update settin...