
648 matches found

OSV
added 2025/10/12 10:15 p.m. | 3 views

CVE-2025-11648

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TFFQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed from remote. Attacks of this nature are high...

7.4 CVSS | 5 AI score | 0.00416 EPSS
Exploits 1 | References 4

Cvelist
added 2025/10/12 3:2 p.m. | 7 views

CVE-2025-11636 Tomofun Furbo 360 Account server-side request forgery

A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035FW036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side request forgery. The attack can be executed remotely. This attack is characterized by high...

6.3 CVSS | 0.00361 EPSS
Exploits 0 | References 3

Vulnrichment
added 2025/10/12 3:2 p.m. | 3 views

CVE-2025-11636 Tomofun Furbo 360 Account server-side request forgery

A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035FW036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side request forgery. The attack can be executed remotely. This attack is characterized by high...

6.3 CVSS | 6.3 AI score | 0.00361 EPSS
Exploits 0 | References 3

CNNVD
added 2025/10/12 12:0 a.m. | 2 views

HCL Unica Centralized Offer Management security vulnerability

HCL Unica Centralized Offer Management is a module of HCL India responsible for the unified management and distribution of offers. A security vulnerability exists in HCL Unica Centralized Offer Management that stems from improper input validation and could lead to a server-side request forgery...

9.8 CVSS | 6.7 AI score | 0.00217 EPSS
Exploits 0 | References 1

CNNVD
added 2025/10/06 12:0 a.m. | 4 views

KUNO code issue vulnerability

KUNO is a blogging application by the individual developer XueMian ICT.RUN. A code issue vulnerability exists in KUNO versions prior to 1.3.15, which stems from the media module allowing the upload of specially crafted SVG files, which could lead to a server-side request forgery attack...

5.1 CVSS | 6.9 AI score | 0.00306 EPSS
Exploits 0 | References 3

CVE
added 2025/10/05 6:32 a.m. | 10 views

CVE-2025-11286

CVE-2025-11286 affects samanhappy MCPHub up to version 0.9.10. The flaw is in src/controllers/serverController.ts of the MCPRouter Service, where manipulation of the baseUrl argument enables server-side request forgery (SSRF). Exploitation can be remote; the exploit has been publicly disclosed. T...

5.8 CVSS | 5 AI score | 0.0028 EPSS
Exploits 1 | References 4 | Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. | 14 views

EUVD-2025-24186

Malicious code in bioql PyPI...

9.8 CVSS | 6.5 AI score | 0.01587 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-29357

Malicious code in bioql PyPI...

3.2 CVSS | 6.3 AI score | 0.00115 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2025-32026

Malicious code in bioql PyPI...

7.5 CVSS | 6.5 AI score | 0.00431 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-27456

Malicious code in bioql PyPI...

7.2 CVSS | 6.6 AI score | 0.0023 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/09/27 9:32 p.m. | 15 views

CVE-2025-11046

A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...

7.5 CVSS | 6.7 AI score | 0.00436 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/09/27 7:45 a.m. | 3 views

CVE-2025-10137

The Snow Monkey theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 29.1.5 via the request function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

5.4 CVSS | 6 AI score | 0.00257 EPSS
Exploits 0 | References 1

NVD
added 2025/09/26 9:15 p.m. | 6 views

CVE-2025-11046

A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...

9.8 CVSS | 0.00436 EPSS
Exploits 1 | References 4

Patchstack
added 2025/09/26 10:4 a.m. | 4 views

WordPress PopAd Plugin <= 1.0.4 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery (SSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin PopAd versions <= 1.0.4...

6.9 AI score | 0.00168 EPSS
Exploits 0 | Affected Software 1

Cvelist
added 2025/09/25 2:45 p.m. | 8 views

CVE-2020-36851 Rob--W cors-anywhere Misconfigured CORS Proxy Allows SSRF

Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...

9.5 CVSS | 0.01005 EPSS
Exploits 0 | References 6

RedhatCVE
added 2025/09/23 6:36 a.m. | 18 views

CVE-2025-10764

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may b...

6.5 CVSS | 6.5 AI score | 0.00411 EPSS
Exploits 0 | References 1

OSV
added 2025/09/22 7:48 p.m. | 10 views

CVE-2025-59527 FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise serve...

7.5 CVSS | 6.6 AI score | 0.04628 EPSS
Exploits 1 | References 7

CVE
added 2025/09/22 6:24 p.m. | 7 views

CVE-2025-58005

CVE-2025-58005 is a Server-Side Request Forgery (SSRF) vulnerability in the DriCub WordPress theme (DriCub – Driving School WordPress Theme) affecting version 2.9 and earlier. The connected Wordfence vulnerability detail confirms an unauthenticated SSRF condition with a Patch Status of Unpatched,...

5.4 CVSS | 5.9 AI score | 0.00194 EPSS
Exploits 0 | References 1

Cvelist
added 2025/09/22 3:17 p.m. | 6 views

CVE-2025-36037 IBM webMethods Integration server-side request forgery

IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4 CVSS | 0.00178 EPSS
Exploits 0 | References 1

CNNVD
added 2025/09/22 12:0 a.m. | 3 views

Flowise code issue vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. A code issue vulnerability exists in Flowise version 3.0.5, which stems from a server-side request forgery in the /api/v1/fetch-links endpoint that could allow an attacker to use the server as a proxy to access internal...

7.5 CVSS | 6.7 AI score | 0.04628 EPSS
Exploits 1 | References 6