
56013 matches found

Cvelist
added 2025/10/24 6:00 a.m. | 8 views

CVE-2025-10874 Orbit Fox < 3.0.2 - Author+ Server-Side Request Forgery

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user m...

EPSS: 0.00173
Exploits: 0 | References: 1

Veracode
added 2025/10/24 4:12 a.m. | 5 views

Server-Side Request Forgery (SSRF)

Flowise is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs in the /api/v1/fetch-links endpoint, which allows an attacker to exploit the server as a proxy to access internal network resources and explore their link structures...

CVSS: 7.5 | AI score: 7 | EPSS: 0.04628
Exploits: 1 | References: 7 | Affected Software: 2

RedhatCVE
added 2025/10/24 12:40 a.m. | 11 views

CVE-2025-56009

Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00169
Exploits: 1 | References: 1

CNVD
added 2025/10/24 12:00 a.m. | 3 views

WordPress Plugin Captcha.eu Server-Side Request Forgery Attack Vulnerability

WordPress Plugin Captcha.eu is a CAPTCHA plugin for the WordPress platform, which is mainly used to prevent bots from attacking and is also compliant with GDPR (General Data Protection Regulation). WordPress Plugin Captcha.eu suffers from a server-side request forgery attack vulnerability that stem...

CVSS: 5.3 | AI score: 7.1 | EPSS: 0.00195
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/24 12:00 a.m. | 3 views

PT-2025-43746

CVE-2025-62832 - Apache HTTP Server Cross-Site Request Forgery. CVE ID: CVE-2025-62832. Published: Oct. 24, 2025, 3:15 a.m. | 4 hours, 2 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and...

AI score: 6.4
Exploits: 0 | References: 1

NVD
added 2025/10/23 10:15 p.m. | 4 views

CVE-2025-59503

Server-side request forgery (SSRF) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network...

CVSS: 10 | EPSS: 0.007
Exploits: 0 | References: 1

Patchstack
added 2025/10/23 9:53 p.m. | 5 views

WordPress MxChat – AI Chatbot for WordPress plugin <= 2.4.6 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin MxChat versions <= 2.4.6...

CVSS: 5.3 | AI score: 7.1 | EPSS: 0.00269
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/10/23 9:39 p.m. | 7 views

WordPress Feedzy RSS Feeds Lite plugin <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated (Subscriber+) Server-Side Request Forgery vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Feedzy versions <= 5.1.0...

CVSS: 5 | AI score: 7.1 | EPSS: 0.00267
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/10/23 3:14 p.m. | 4 views

CVE-2025-49917

Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery. This issue affects Icegram Express Pro: from n/a through <= 5.9.5...

CVSS: 4.4 | AI score: 7 | EPSS: 0.00187
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 3:14 p.m. | 2 views

CVE-2025-49373

Cross-Site Request Forgery (CSRF) vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Cross Site Request Forgery. This issue affects Evergreen Content Poster: from n/a through <= 1.4.5...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.00128
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 3:14 p.m. | 4 views

CVE-2025-49374

Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery. This issue affects Captcha.eu: from n/a through <= 1.0.61...

CVSS: 5.4 | AI score: 7 | EPSS: 0.00195
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 3:13 p.m. | 5 views

CVE-2025-60132

Cross-Site Request Forgery (CSRF) vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS. This issue affects Video Blogster Lite: from n/a through <= 1.2...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00116
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 3:13 p.m. | 4 views

CVE-2025-62061

Cross-Site Request Forgery (CSRF) vulnerability in impleCode Product Catalog Simple post-type-x. This issue affects Product Catalog Simple: from n/a through <= 1.8.4...

CVSS: 4.3 | AI score: 7 | EPSS: 0.0012
Exploits: 0 | References: 1

CVE
added 2025/10/23 12:32 p.m. | 16 views

CVE-2025-11128

CVE-2025-11128 (Feedzy RSS Feeds Lite) is an SSRF vulnerability in the RSS Aggregator by Feedzy plugin for WordPress. The flaw affects all versions up to 5.1.0 and is exploitable by authenticated attackers with Subscriber+ privileges via the feedzy_sanitize_feeds function, enabling web requests f...

CVSS: 5 | AI score: 5.4 | EPSS: 0.00267
Exploits: 0 | References: 6

CNNVD
added 2025/10/23 12:00 a.m. | 4 views

WordPress plugin RSS Aggregator by Feedzy Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin RSS...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00267
Exploits: 0 | References: 6

Positive Technologies
added 2025/10/23 12:00 a.m. | 7 views

PT-2025-43564

Name of the Vulnerable Software and Affected Versions: Azure Compute Gallery (affected versions not specified). Description: An authorized attacker can elevate privileges over a network due to a server-side request forgery issue in Azure Compute Gallery. This allows for potential misuse of network...

CVSS: 10 | AI score: 6.5 | EPSS: 0.007
Exploits: 0 | References: 11

EUVD
added 2025/10/22 3:31 p.m. | 5 views

EUVD-2025-35396

Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Cross Site Request Forgery. This issue affects SUMO Memberships for WooCommerce: from n/a through 7.8.0...

AI score: 6.3 | EPSS: 0.00123
Exploits: 0 | References: 2

EUVD
added 2025/10/22 3:31 p.m. | 4 views

EUVD-2025-35421

Cross-Site Request Forgery (CSRF) vulnerability in integrationshotelrunner HotelRunner Booking Widget hotelrunner allows Stored XSS. This issue affects HotelRunner Booking Widget: from n/a through <= 1.6...

CVSS: 5.3 | AI score: 6.1 | EPSS: 0.00116
Exploits: 0 | References: 2

EUVD
added 2025/10/22 3:31 p.m. | 5 views

EUVD-2025-35424

Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery. This issue affects WP Media Categories: from n/a through <= 2.1.0...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00128
Exploits: 0 | References: 2

EUVD
added 2025/10/22 3:31 p.m. | 5 views

EUVD-2025-35539

Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery. This issue affects Icegram Express Pro: from n/a through <= 5.9.5...

AI score: 6.5 | EPSS: 0.00187
Exploits: 0 | References: 2