56013 matches found

Positive Technologies
added 2025/10/29 12:00 a.m., 4 views

PT-2025-44231

Name of the Vulnerable Software and Affected Versions: Ays Pro Popup box versions through 5.5.4. Description: A Cross-Site Request Forgery (CSRF) issue exists in Ays Pro Popup box, potentially allowing attackers to perform actions on behalf of authenticated users. This occurs due to insufficient...

CVSS 5.3, AI score 6.5, EPSS 0.00125
Exploits: 0, References: 3
Positive Technologies
added 2025/10/29 12:00 a.m., 4 views

PT-2025-44246

Name of the Vulnerable Software and Affected Versions: blubrry PowerPress Podcasting versions through 11.13.12. Description: A Cross-Site Request Forgery (CSRF) issue exists in blubrry PowerPress Podcasting. This allows attackers to potentially perform actions on behalf of authenticated users without...

CVSS 4.3, AI score 6.4, EPSS 0.00117
Exploits: 0, References: 4
Positive Technologies
added 2025/10/29 12:00 a.m., 4 views

PT-2025-44312

Name of the Vulnerable Software and Affected Versions: Halo CMS version 2.21. Description: An unauthenticated server-side request forgery (SSRF) exists in the Thumbnail via-uri endpoint. This allows a remote attacker to make the server send HTTP requests to URLs controlled by the attacker, potentially...

CVSS 5.8, AI score 6.9, EPSS 0.00275
Exploits: 0, References: 7
CVE
added 2025/10/28 7:54 p.m., 10 views

CVE-2025-59837

Astro (web framework) versions 5.13.4–5.13.9 are vulnerable to an image proxy domain validation bypass via backslashes in the href, enabling server-side requests to arbitrary URLs and potentially SSRF and XSS. Root cause: incomplete fix for CVE-2025-58179; fix implemented in 5.13.10. Affected component:...

CVSS 7.2, AI score 5.6, EPSS 0.0032
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2025/10/28 7:54 p.m., 2 views

CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery (SSRF) and...

CVSS 7.2, AI score 5.6, EPSS 0.0032
Exploits: 1, References: 3
Github Security Blog
added 2025/10/28 5:45 p.m., 9 views

Astro's bypass of image proxy domain validation leads to SSRF and potential XSS

Summary: This is a patch bypass of CVE-2025-58179 in commit 9ecf359. The fix blocks http://, https:// and //, but can be bypassed using backslashes (\) - the endpoint still issues a server-side fetch. PoC...

CVSS 7.2, AI score 7.1, EPSS 0.0032
Exploits: 1, References: 5, Affected Software: 1
EUVD
added 2025/10/28 3:30 p.m., 4 views

EUVD-2025-36533

IBM Concert Software 1.0.0 through 2.0.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4, AI score 6.2, EPSS 0.0016
Exploits: 0, References: 2
Vulnrichment
added 2025/10/28 2:58 p.m., 2 views

CVE-2025-36085 Multiple Vulnerabilities in IBM Concert Software

IBM Concert Software 1.0.0 through 2.0.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4, AI score 6.3, EPSS 0.0016
Exploits: 0, References: 1
CVE
added 2025/10/28 2:58 p.m., 11 views

CVE-2025-36085

IBM Concert Software (versions 1.0.0–2.0.0) is affected by a server-side request forgery (SSRF) vulnerability. The issue arises from insufficient authentication to validate request origins, enabling an authenticated attacker to issue unauthorized requests from the affected system, potentially ena...

CVSS 5.4, AI score 6.3, EPSS 0.0016
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2025/10/28 6:08 a.m., 2 views

WordPress Advanced Database Cleaner plugin <= 3.1.6 - Cross-Site Request Forgery to Settings Manipulation vulnerability

Cross-Site Request Forgery to Settings Manipulation vulnerability discovered by Bao - BlueRock in WordPress Plugin Advanced Database Cleaner versions <= 3.1.6...

CVSS 4.3, AI score 6.8, EPSS 0.00208
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/10/28 5:27 a.m., 6 views

CVE-2025-10145

...

EPSS 0.00042
Exploits: 0
RedhatCVE
added 2025/10/28 2:38 a.m., 13 views

CVE-2025-62945

Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Linares Did Prestashop Display (did-prestashop-display) allows Stored XSS. This issue affects Did Prestashop Display: from n/a through <= 1.0.30...

CVSS 7.1, AI score 6.6, EPSS 0.00113
Exploits: 0, References: 1
RedhatCVE
added 2025/10/28 2:38 a.m., 3 views

CVE-2025-62988

Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates (slider-templates) allows Server Side Request Forgery. This issue affects Slider Templates: from n/a through <= 1.0.3...

CVSS 4.9, AI score 7, EPSS 0.00142
Exploits: 0, References: 1
RedhatCVE
added 2025/10/28 2:38 a.m., 4 views

CVE-2025-58918

Cross-Site Request Forgery (CSRF) vulnerability in Waituk Entrada theme allows Cross Site Request Forgery. This issue affects Entrada: from n/a through 5.7.7...

CVSS 4.3, AI score 5.1, EPSS 0.00113
Exploits: 0, References: 1
RedhatCVE
added 2025/10/28 2:38 a.m., 6 views

CVE-2025-62957

Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting (wc-reports-lite) allows Stored XSS. This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0...

CVSS 7.1, AI score 6.6, EPSS 0.00117
Exploits: 0, References: 1
RedhatCVE
added 2025/10/28 2:38 a.m., 5 views

CVE-2025-62986

Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge signup (fanbridge-signup) allows Stored XSS. This issue affects FanBridge signup: from n/a through <= 0.6...

CVSS 7.1, AI score 6.6, EPSS 0.00103
Exploits: 0, References: 1
NVD
added 2025/10/27 4:15 p.m., 10 views

CVE-2025-34133

Wimi Teamwork versions prior to 7.38.17 contain a cross-site request forgery (CSRF) vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrftoken' without validating the field’s value; only the presence of the field is checked. An attacker can craf...

CVSS 7, EPSS 0.00231
Exploits: 0, References: 3
Patchstack
added 2025/10/27 4:11 p.m., 5 views

WordPress Create Posts & Terms plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Create Posts & Terms versions <= 1.3.1...

CVSS 7.1, AI score 7, EPSS 0.00121
Exploits: 0, Affected Software: 1
The Hacker News
added 2025/10/27 2:31 p.m., 11 views

New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands

Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code. "This exploit can allow attackers to infect...

AI score 7.5
Exploits: 0
EUVD
added 2025/10/27 3:30 a.m., 7 views

EUVD-2025-35959

Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge signup (fanbridge-signup) allows Stored XSS. This issue affects FanBridge signup: from n/a through <= 0.6...

CVSS 7.1, AI score 6.1, EPSS 0.00103
Exploits: 0, References: 2