PT-2025-44231
Name of the Vulnerable Software and Affected Versions: Ays Pro Popup box versions through 5.5.4. Description: A Cross-Site Request Forgery (CSRF) issue exists in Ays Pro Popup box, potentially allowing attackers to perform actions on behalf of authenticated users. This occurs due to insufficient...
PT-2025-44246
Name of the Vulnerable Software and Affected Versions: blubrry PowerPress Podcasting versions through 11.13.12. Description: A Cross-Site Request Forgery (CSRF) issue exists in blubrry PowerPress Podcasting. This allows attackers to potentially perform actions on behalf of authenticated users without...
PT-2025-44312
Name of the Vulnerable Software and Affected Versions: Halo CMS version 2.21. Description: An unauthenticated server-side request forgery (SSRF) exists in the Thumbnail via-uri endpoint. This allows a remote attacker to make the server send HTTP requests to URLs controlled by the attacker, potentially...
CVE-2025-59837
Astro (web framework) versions 5.13.4–5.13.9 are vulnerable to an image proxy domain validation bypass via backslashes in the href parameter, enabling server-side requests to arbitrary URLs and potentially SSRF and XSS. Root cause: incomplete fix for CVE-2025-58179; fix implemented in 5.13.10. Affected component:...
CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS
Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery (SSRF) and...
Astro's bypass of image proxy domain validation leads to SSRF and potential XSS
Summary: This is a patch bypass of CVE-2025-58179 in commit 9ecf359. The fix blocks http://, https:// and //, but can be bypassed using backslashes (\): the endpoint still issues a server-side fetch. PoC...
EUVD-2025-36533
IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-36085 Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-36085
IBM Concert Software (versions 1.0.0–2.0.0) is affected by a server-side request forgery (SSRF) vulnerability. The issue arises from insufficient authentication to validate request origins, enabling an authenticated attacker to issue unauthorized requests from the affected system, potentially ena...
WordPress Advanced Database Cleaner plugin <= 3.1.6 - Cross-Site Request Forgery to Settings Manipulation vulnerability
Cross-Site Request Forgery to Settings Manipulation vulnerability discovered by Bao - BlueRock in WordPress Plugin Advanced Database Cleaner versions <= 3.1.6...
CVE-2025-10145
...
CVE-2025-62945
Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Linares Did Prestashop Display (did-prestashop-display) allows Stored XSS. This issue affects Did Prestashop Display: from n/a through 1.0.30...
CVE-2025-62988
Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates (slider-templates) allows Server Side Request Forgery. This issue affects Slider Templates: from n/a through 1.0.3...
CVE-2025-58918
Cross-Site Request Forgery (CSRF) vulnerability in Waituk Entrada theme allows Cross Site Request Forgery. This issue affects Entrada: from n/a through 5.7.7...
CVE-2025-62957
Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting (wc-reports-lite) allows Stored XSS. This issue affects NikanWP WooCommerce Reporting: from n/a through 1.0.0...
CVE-2025-62986
Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge signup (fanbridge-signup) allows Stored XSS. This issue affects FanBridge signup: from n/a through 0.6...
CVE-2025-34133
Wimi Teamwork versions prior to 7.38.17 contain a cross-site request forgery (CSRF) vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrftoken' without validating the field's value; only the presence of the field is checked. An attacker can craf...
WordPress Create Posts & Terms plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Create Posts & Terms versions <= 1.3.1...
New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands
Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code. "This exploit can allow attackers to infect...
EUVD-2025-35959
Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge signup (fanbridge-signup) allows Stored XSS. This issue affects FanBridge signup: from n/a through 0.6...