648 matches found
AVTECH DVR Security Vulnerability
AVTECH DVR is a digital video recording host from AVTECH Corporation. A security vulnerability exists in AVTECH DVR that originates from a server-side request forgery in the unauthenticated /cgi-bin/nobody/Search.cgi endpoint, which could lead to the disclosure of sensitive data...
diyhi bbs Security Vulnerability
diyhi bbs patrol cloud light forum system is a forum system for diyhi individual developers. A security vulnerability exists in diyhi bbs version 6.8 and earlier, which stems from improper manipulation of the Host parameter in the getUrl function of the HTTP header processing component, which cou...
AZL-64244 CVE-2025-50181 affecting package python-pip for versions less than 24.2-5
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default, requests and botocore users are not affected. An application attemptin...
Apache Kafka Client Security Vulnerability
Apache Kafka Client is a Kafka client from the Apache USA Foundation. A security vulnerability exists in Apache Kafka Client that stems from insufficient validation of configuration data, which could lead to arbitrary file reads and server-side request forgery...
CVE-2023-0574
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communicati...
CVE-2022-41401
OpenRefine = v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...
SUSE CVE-2025-4123
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
Stirling-PDF Security Vulnerability
Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A security vulnerability exists in Stirling-PDF versions prior to 0.45.0, which stems from a flaw in WeasyPrint's handling of HTML tags that could lead to server-side request...
CVE-2025-3691
A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...
WordPress Photography theme < 7.7.6 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Photography versions 7.7.6...
PYSEC-2025-16
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
PYSEC-2025-48
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using the DNS rebinding technique. This...
CVE-2025-28091
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article...
Medium: batik
Issue Overview: Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some...
Applio Code Issue Vulnerability
Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.7 and earlier versions, which stems from a server-side request forgery and file write issue in modeldownload.py, and could lead to an attacker sending requests on behalf of t...
Dell SmartFabric OS10 Code Issue Vulnerability
Dell SmartFabric OS10 is a Linux-based network switch operating system from Dell. Dell SmartFabric OS10 suffers from a server-side request forgery vulnerability, which stems from the server not implementing an adequate authentication mechanism to confirm the origin of the request, and can be...
CVE-2025-25760
A Server-Side Request Forgery (SSRF) in the component adminwebgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request...
Memos Security Vulnerability
Memos is an open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version 0.23.0 that stems from insufficient validation of user-supplied URLs, which could lead to an SSRF attack...
JIP InfoBridge FileMegane Code Issue Vulnerability
JIP InfoBridge FileMegane is an application from JIP InfoBridge Japan. A code issue vulnerability exists in JIP InfoBridge FileMegane versions prior to 3.0.0.0 through 3.4.0.0, which stems from server-side request forgery (SSRF) and could allow execution of arbitrary back-end Web API requests,...
Label Studio Code Issue Vulnerability
Label Studio is an open source data labeling tool from Heartex Open Source. It allows you to label data types such as audio, text, images, video, and time series using a straightforward UI and export to a variety of model formats. A code issue vulnerability exists in Label Studio versions prior t...