56013 matches found
GHSA-6MGR-3374-4P3C Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery
Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site reque...
GHSA-93MH-MX9W-M69Q Jenkins Themis Plugin vulnerable to cross-site request forgery
Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery CSRF...
CVE-2025-64138
A cross-site request forgery CSRF vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2025-64133
A cross-site request forgery CSRF vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code...
CVE-2024-45161
A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and can result in exposure of data or unintended code execution...
CVE-2025-64141
CVE-2025-64141 describes a CSRF vulnerability in Jenkins Nexus Task Runner Plugin, affecting versions 0.9.2 and earlier. An attacker can cause the controller to connect to an attacker‑specified URL using attacker‑specified credentials via an HTTP endpoint (CSRF). Exploitation details are not prov...
CVE-2025-64138
The CVE-2025-64138 entry concerns Jenkins Start Windocks Containers Plugin (versions 1.4 and earlier). The issue is a CSRF vulnerability in an HTTP endpoint that allows attackers with Overall/Read permission to trigger connections to an attacker-specified URL, even without POST requests. Multiple...
CVE-2025-12058
The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...
UBUNTU-CVE-2025-12058
The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...
CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF
The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...
CVE-2025-64288 WordPress Premmerce plugin <= 1.3.19 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Premmerce Premmerce premmerce allows Cross Site Request Forgery.This issue affects Premmerce: from n/a through = 1.3.19...
CVE-2025-64226
CVE-2025-64226 is a CSRF vulnerability in the WordPress plugin Stockie Extra (stockie-extra), affecting versions up to and including 1.2.11. The issue enables Cross-Site Request Forgery where an attacker could abuse authenticated sessions to perform unwanted actions on behalf of a user. The CVSS ...
CVE-2025-64226 WordPress Stockie Extra plugin <= 1.2.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in colabrio Stockie Extra stockie-extra allows Cross Site Request Forgery.This issue affects Stockie Extra: from n/a through = 1.2.11...
PT-2025-44282
Name of the Vulnerable Software and Affected Versions Jenkins Extensible Choice Parameter Plugin versions 239.v5f5c278708cf and earlier Description A cross-site request forgery CSRF issue exists in the Jenkins Extensible Choice Parameter Plugin. This allows attackers to execute sandboxed Groovy...
CVE-2024-45161
A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and can result in exposure of data or unintended code execution...
WordPress plugin Stockie Extra 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2024-45161
CVE-2024-45161 describes a CSRF vulnerability in the administrative web GUI of Blu-Castle BCUM221E running version 1.0.0P220507. The issue can be triggered via a crafted URL, image load, or XMLHttpRequest, potentially leading to exposure of data or unintended code execution. The CVE notes a netwo...
PT-2025-44268
Name of the Vulnerable Software and Affected Versions Keras affected versions not specified Description The Keras Model.load model method is susceptible to arbitrary local file loading and Server-Side Request Forgery SSRF, even when safe mode=True is enabled. This issue arises from the handling o...
CVE-2025-60898
An unauthenticated server-side request forgery SSRF vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a...
WordPress plugin PowerPress Podcasting 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...