56013 matches found

NVD
added 2025/10/20 10:15 p.m. | 3 views

CVE-2025-11536

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wpajaximportelementortemplate action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ma...

CVSS 5 | EPSS 0.00218
Exploits 0 | References 2

CVE
added 2025/10/20 9:23 p.m. | 16 views

CVE-2025-11536

CVE-2025-11536 : Element Pack Addons for Elementor (WordPress)

CVSS 5 | AI score 5.5 | EPSS 0.00218
Exploits 0 | References 2

RedhatCVE
added 2025/10/20 6:23 p.m. | 5 views

CVE-2025-34282

ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a way that parses external references, it may...

CVSS 9.1 | AI score 7.1 | EPSS 0.01658
Exploits 2 | References 1

GithubExploit
added 2025/10/18 2:19 p.m. | 269 views

Exploit for Server-Side Request Forgery in Apache Solr

CVE-2021-27905 | Sr No | Title...

CVSS 9.8 | AI score 7 | EPSS 0.93053
Exploits 5

Vulnrichment
added 2025/10/18 8:25 a.m. | 2 views

CVE-2025-9890 Theme Editor <= 3.0 - Cross-Site Request Forgery to Remote Code Execution

The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the 'themeeditortheme' page. This makes it possible for unauthenticated attackers to achieve remote code execution v...

CVSS 8.8 | AI score 6.2 | EPSS 0.00366
Exploits 0 | References 3

CVE
added 2025/10/18 4:25 a.m. | 30 views

CVE-2025-11361

CVE-2025-11361 : Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns (WordPress) is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to and including 5.7.1 via eb_save_ai_generated_image. Authenticated attackers with Author+ privileges can issue web reques...

CVSS 6.4 | AI score 5.3 | EPSS 0.00275
Exploits 0 | References 3

Patchstack
added 2025/10/18 1:24 a.m. | 5 views

WordPress Theme Editor plugin <= 3.0 - Cross-Site Request Forgery to Remote Code Execution vulnerability

Cross-Site Request Forgery to Remote Code Execution vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Theme Editor versions <= 3.0...

CVSS 8.8 | AI score 7.2 | EPSS 0.00366
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2025/10/18 12:0 a.m. | 5 views

WordPress plugin Gutenberg Essential Blocks code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 6.4 | AI score 6.9 | EPSS 0.00275
Exploits 0 | References 3

Vulnrichment
added 2025/10/17 6:33 p.m. | 2 views

CVE-2025-34282 ThingsBoard < v4.2.1 SVG Image SSRF

ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a way that parses external references, it may...

CVSS 6.9 | AI score 6.8 | EPSS 0.01658
Exploits 2 | References 3

OSV
added 2025/10/17 6:18 p.m. | 10 views

CVE-2025-62505 SSRF in lobehub/lobe-chat with native web fetch module

LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery SSRF in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value naive. The service...

CVSS 3 | AI score 7 | EPSS 0.00294
Exploits 0 | References 4

Cvelist
added 2025/10/17 6:18 p.m. | 9 views

CVE-2025-62505 SSRF in lobehub/lobe-chat with native web fetch module

LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery SSRF in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value naive. The service...

CVSS 3 | EPSS 0.00294
Exploits 0 | References 2

OSV
added 2025/10/17 5:46 p.m. | 8 views

GHSA-FGX4-P8XF-QHP9 Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module

Vulnerability Description --- Vulnerability Overview - When the client sends an arbitrary URL array and impl: "naive" to the tRPC endpoint tools.search.crawlPages, the server issues outbound HTTP requests directly to those URLs. There is no defensive logic that restricts or validates requests to...

CVSS 3 | AI score 7 | EPSS 0.00294
Exploits 0 | References 5

CNNVD
added 2025/10/17 12:0 a.m. | 3 views

Lobe Chat code issue vulnerability

Lobe Chat is an open source, high performance chatbot framework open sourced from LobeHub. A code issue vulnerability exists in Lobe Chat version 1.136.1, which stems from tools.search.crawlPages tRPC endpoints that do not validate or restrict internal network addresses, which could lead to a...

CVSS 3 | AI score 6.8 | EPSS 0.00294
Exploits 0 | References 3

CVE
added 2025/10/17 12:0 a.m. | 12 views

CVE-2025-60279

Illia Cloud illia-Builder has an SSRF vulnerability (CVE-2025-60279) affecting versions before v4.8.5. The issue allows authenticated users to cause arbitrary requests to internal services via the API, enabling port enumeration based on response discrepancies and interaction with internal service...

CVSS 9.6 | AI score 6.5 | EPSS 0.00393
Exploits 0 | References 2

Vulnrichment
added 2025/10/17 12:0 a.m. | 7 views

CVE-2025-60279

A server-side request forgery SSRF vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal services via the API. An attacker can leverage this to enumerate open ports based on response discrepancies and interact with internal...

AI score 6.5 | EPSS 0.00393
Exploits 0 | References 2

OSV
added 2025/10/16 9:28 p.m. | 29 views

GHSA-Q63Q-PGMF-MXHR Angular SSR has a Server-Side Request Forgery (SSRF) flaw

Impact The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr. The function createRequestUrl uses the native URL constructor. When an incoming request path e.g., originalUrl or url begins with a doub...

CVSS 8.7 | AI score 7 | EPSS 0.00397
Exploits 1 | References 4

NVD
added 2025/10/16 9:15 p.m. | 2 views

CVE-2025-11864

A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The...

CVSS 7.5 | EPSS 0.00412
Exploits 0 | References 4

Snyk
added 2025/10/16 7:42 p.m. | 8 views

Server-side Request Forgery (SSRF)

Overview @angular/ssr is the Angular server-side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the createRequestUrl function. An attacker can cause the server to make arbitrary HTTP requests to external domains by supplying a...

CVSS 8.7 | AI score 7.1 | EPSS 0.00397
Exploits 1 | References 2

NVD
added 2025/10/16 7:15 p.m. | 8 views

CVE-2025-62427

The Angular SSR is a server-side rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...

CVSS 8.7 | EPSS 0.00397
Exploits 1 | References 2

CVE
added 2025/10/16 6:50 p.m. | 28 views

CVE-2025-62427

CVE-2025-62427 describes a Server-Side Request Forgery in Angular SSR. The vulnerability arises in the @angular/ssr package where createRequestUrl uses the native URL constructor; if an incoming request path starts with // or \, the URL becomes schema-relative, causing the attacker-controlled hos...

CVSS 8.7 | AI score 6.6 | EPSS 0.00397
Exploits 1 | References 2