
56013 matches found

OSV
added 2025/10/29 3:31 p.m. | 10 views

GHSA-6MGR-3374-4P3C Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery

Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site reque...

CVSS 4.3 | AI score 6.7 | EPSS 0.0019
Exploits: 0 | References: 4
OSV
added 2025/10/29 3:31 p.m. | 4 views

GHSA-93MH-MX9W-M69Q Jenkins Themis Plugin vulnerable to cross-site request forgery

Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF)...

CVSS 4.3 | AI score 6.7 | EPSS 0.00206
Exploits: 0 | References: 4
NVD
added 2025/10/29 2:15 p.m. | 9 views

CVE-2025-64138

A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...

CVSS 4.3 | EPSS 0.0019
Exploits: 0 | References: 2
OSV
added 2025/10/29 2:15 p.m. | 3 views

CVE-2025-64133

A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code...

CVSS 5.4 | AI score 5.8 | EPSS 0.00236
Exploits: 0 | References: 2
NVD
added 2025/10/29 2:15 p.m. | 3 views

CVE-2024-45161

A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and can result in exposure of data or unintended code execution...

CVSS 4.6 | EPSS 0.00135
Exploits: 0 | References: 2
CVE
added 2025/10/29 1:29 p.m. | 15 views

CVE-2025-64141

CVE-2025-64141 describes a CSRF vulnerability in Jenkins Nexus Task Runner Plugin, affecting versions 0.9.2 and earlier. An attacker can cause the controller to connect to an attacker‑specified URL using attacker‑specified credentials via an HTTP endpoint (CSRF). Exploitation details are not prov...

CVSS 4.3 | AI score 6.4 | EPSS 0.0019
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2025/10/29 1:29 p.m. | 18 views

CVE-2025-64138

The CVE-2025-64138 entry concerns Jenkins Start Windocks Containers Plugin (versions 1.4 and earlier). The issue is a CSRF vulnerability in an HTTP endpoint that allows attackers with Overall/Read permission to trigger connections to an attacker-specified URL, even without POST requests. Multiple...

CVSS 4.3 | AI score 6.4 | EPSS 0.0019
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2025/10/29 9:15 a.m. | 3 views

CVE-2025-12058

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

CVSS 5.9 | EPSS 0.00239
Exploits: 0 | References: 2
OSV
added 2025/10/29 9:15 a.m. | 3 views

UBUNTU-CVE-2025-12058

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

CVSS 5.9 | AI score 7.4 | EPSS 0.00239
Exploits: 0 | References: 4
Cvelist
added 2025/10/29 8:48 a.m. | 311 views

CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

CVSS 5.9 | EPSS 0.00239
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/29 8:38 a.m. | 3 views

CVE-2025-64288 WordPress Premmerce plugin <= 1.3.19 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce premmerce allows Cross Site Request Forgery. This issue affects Premmerce: from n/a through <= 1.3.19...

CVSS 4.3 | AI score 6.5 | EPSS 0.00117
Exploits: 0 | References: 1
CVE
added 2025/10/29 8:38 a.m. | 17 views

CVE-2025-64226

CVE-2025-64226 is a CSRF vulnerability in the WordPress plugin Stockie Extra (stockie-extra), affecting versions up to and including 1.2.11. The issue enables Cross-Site Request Forgery where an attacker could abuse authenticated sessions to perform unwanted actions on behalf of a user. The CVSS ...

CVSS 4.3 | AI score 6.5 | EPSS 0.00117
Exploits: 0 | References: 1
Cvelist
added 2025/10/29 8:38 a.m. | 9 views

CVE-2025-64226 WordPress Stockie Extra plugin <= 1.2.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in colabrio Stockie Extra stockie-extra allows Cross Site Request Forgery. This issue affects Stockie Extra: from n/a through <= 1.2.11...

CVSS 4.3 | EPSS 0.00117
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/29 12:0 a.m. | 5 views

PT-2025-44282

Name of the Vulnerable Software and Affected Versions: Jenkins Extensible Choice Parameter Plugin versions 239.v5f5c278708cf and earlier. Description: A cross-site request forgery (CSRF) issue exists in the Jenkins Extensible Choice Parameter Plugin. This allows attackers to execute sandboxed Groovy...

CVSS 5.4 | AI score 6.7 | EPSS 0.00236
Exploits: 0 | References: 8
Vulnrichment
added 2025/10/29 12:0 a.m. | 2 views

CVE-2024-45161

A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and can result in exposure of data or unintended code execution...

AI score 7.2 | EPSS 0.00135
Exploits: 0 | References: 2
CNNVD
added 2025/10/29 12:0 a.m. | 5 views

WordPress plugin Stockie Extra security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 4.3 | AI score 6.5 | EPSS 0.00117
Exploits: 0 | References: 1
CVE
added 2025/10/29 12:0 a.m. | 11 views

CVE-2024-45161

CVE-2024-45161 describes a CSRF vulnerability in the administrative web GUI of Blu-Castle BCUM221E running version 1.0.0P220507. The issue can be triggered via a crafted URL, image load, or XMLHttpRequest, potentially leading to exposure of data or unintended code execution. The CVE notes a netwo...

CVSS 4.6 | AI score 7.2 | EPSS 0.00135
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/29 12:0 a.m. | 4 views

PT-2025-44268

Name of the Vulnerable Software and Affected Versions: Keras, affected versions not specified. Description: The Keras Model.load_model method is susceptible to arbitrary local file loading and Server-Side Request Forgery (SSRF), even when safe_mode=True is enabled. This issue arises from the handling o...

CVSS 5.9 | AI score 7.5 | EPSS 0.00239
Exploits: 0 | References: 25
Cvelist
added 2025/10/29 12:0 a.m. | 5 views

CVE-2025-60898

An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a...

EPSS 0.00275
Exploits: 0 | References: 2
CNNVD
added 2025/10/29 12:0 a.m. | 4 views

WordPress plugin PowerPress Podcasting security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 4.3 | AI score 6.6 | EPSS 0.00117
Exploits: 0 | References: 1