CVE-2025-64327
ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery (SSRF) vulnerability in the /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...
WordPress Blog2Social plugin <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url vulnerability
Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url vulnerability discovered by LionTree in WordPress Plugin Blog2Social versions <= 8.6.0...
MetInfo CMS Security Vulnerability
MetInfo CMS is a content management system from the Chinese vendor MetInfo. A security vulnerability exists in MetInfo CMS 8.1 and prior versions; it stems from a flaw in the XML parsing logic and could lead to a server-side request forgery attack...
Lexmark Printers Server-Side Request Forgery (SSRF) (CVE-2023-23560)
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Apache Kylin server-side request forgery vulnerability (CNVD-2025-30839)
Apache Kylin is an open source distributed analytical data warehouse from the Apache Software Foundation (United States). The product mainly provides a SQL query interface and multidimensional OLAP analysis on top of Hadoop/Spark, among other functions. A server-side request forgery vulnerability exist...
EUVD-2025-37024
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...
CVE-2025-12058
The CVE describes a vulnerability in Keras Model.load_model where the StringLookup layer can load a local file or fetch remote content during model loading, enabling arbitrary local file reads and SSRF even when safe_mode=True. IBM bulletins link affected packages (keras-3.11.3 wheel; keras-2.14....
CVE-2025-36085 Multiple Vulnerabilities in IBM Concert Software.
IBM Concert Software 1.0.0 through 2.0.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-10874
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user m...
WordPress plugin Orbit Fox Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it can host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application extension for the platform. A security vulnerabili...
CVE-2025-10705
The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due to insufficient validation of user-supplied URLs in the PDF processing functionality. This makes it possible for unauthenticated...
Security Bulletin: IBM webMethods Integration Server is affected by server-side request forgery (SSRF)
Summary: IBM webMethods Integration Server is affected by server-side request forgery (SSRF), CVE-2025-36037. Vulnerability Details: CVEID: CVE-2025-36037. DESCRIPTION: IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : FFmpeg vulnerabilities (USN-7830-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7830-1 advisory. It was discovered that FFmpeg incorrectly handled the return values of functions in its Firequalizer filter and in th...
Security Bulletin: IBM Event Streams is vulnerable to Remote Code Execution and Server-Side Request Forgery (CVE-2025-27818, CVE-2025-27817)
Summary: IBM Event Streams is affected by two vulnerabilities: one allowing remote code execution via unsafe deserialization in Kafka Connect configurations, and another enabling server-side request forgery and arbitrary file read through misconfigured OAuthBearer endpoints in Kafka Clients. Vulnerability Details...
CVE-2025-62505
LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value naive. The service...
WordPress Essential Blocks plugin <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery vulnerability
Authenticated (Author+) Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Essential Blocks for Gutenberg versions <= 5.7.1...
Angular SSR has a Server-Side Request Forgery (SSRF) flaw
Impact: The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr. The function createRequestUrl uses the native URL constructor. When an incoming request path (e.g., originalUrl or url) begins with a doub...
EUVD-2025-34539
The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
CVE-2025-60540
CVE-2025-60540 is documented as a Server-Side Request Forgery (SSRF) affecting karakeep versions from v0.26.0 up to v0.7.0. The connected sources confirm the affected product and the range of vulnerable versions, and repeat the same description across multiple feeds, but do not provide concrete remedi...
CVE-2025-11636
A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035FW036. This issue affects some unknown processing in the Account Handler component. Such manipulation leads to server-side request forgery. The attack can be executed remotely. This attack is characterized by high...