7291 matches found

Cvelist
added 2026/01/07 2:12 p.m., 22 views

CVE-2025-49335 WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in minnur External Media external-media allows Server Side Request Forgery. This issue affects External Media: from n/a through <= 1.0.36...

4.9 CVSS, 0.00119 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/07 9:17 a.m., 6 views

CVE-2025-1142

IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4 CVSS, 6.8 AI score, 0.00164 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/07 9:16 a.m., 5 views

CVE-2025-68437

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery (SSRF). This vulnerability arises because the file input, specifically its url parameter,...

5.9 CVSS, 7.1 AI score, 0.00427 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/01/07 9:15 a.m., 4 views

CVE-2024-2090

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remotecontent shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...

6.4 CVSS, 5.7 AI score, 0.0026 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/07 9:12 a.m., 3 views

CVE-2025-61916

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...

7.9 CVSS, 6.8 AI score, 0.00155 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/01/07 12:32 a.m., 26 views

CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...

5.8 CVSS, 0.00223 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/01/07 12:32 a.m., 3 views

CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...

5.8 CVSS, 6.4 AI score, 0.00223 EPSS
Exploits: 0, References: 4
CVE
added 2026/01/07 12:32 a.m., 18 views

CVE-2026-0649

Invoice Ninja up to 5.12.38 is affected by a server-side request forgery in the Migration Import component. The vulnerability is in the copy function of /app/Jobs/Util/Import.php where manipulation of the company_logo argument can be exploited remotely. Public disclosures exist; exploitation deta...

5.8 CVSS, 4.8 AI score, 0.00223 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/01/07 12:0 a.m., 3 views

Bio-Formats code issue vulnerability

Bio-Formats is an Open Microscopy Environment open source Java library for reading and writing various microscopy imaging proprietary file formats. A code issue vulnerability exists in Bio-Formats 8.3.0 and prior versions that stems from an XML external entity vulnerability in the Leica...

7.1 CVSS, 6.6 AI score, 0.00142 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/01/07 12:0 a.m., 2 views

Knowage code issue vulnerability

Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A code issue vulnerability exists in Knowage versions prior to 8.1.37, which stems from the presence of blind server-side request forgery that could lead an attacker to scan...

6.5 CVSS, 6.8 AI score, 0.00163 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/01/07 12:0 a.m., 3 views

PT-2026-1682

Name of the Vulnerable Software and Affected Versions: Smartliving SmartLAN/G/SI versions 6.x and earlier
Description: Smartliving SmartLAN/G/SI software is affected by an unauthenticated server-side request forgery issue. The issue resides in the GetImage functionality and is triggered through the...

6.9 CVSS, 6.9 AI score, 0.00322 EPSS
Exploits: 0, References: 7
CNNVD
added 2026/01/07 12:0 a.m., 4 views

LibreChat code issue vulnerability

LibreChat is a free, highly customizable, unified AI conversation platform open-sourced by LibreChat, capable of aggregating and running large models from any vendor in a single interface. A code issue vulnerability exists in LibreChat version 0.8.1-rc2, which stems from a missing restriction in...

9.1 CVSS, 6.7 AI score, 0.04094 EPSS
Exploits: 1, References: 3
Positive Technologies
added 2026/01/07 12:0 a.m., 5 views

PT-2026-2160

Name of the Vulnerable Software and Affected Versions: Bio-Formats versions up to and including 8.3.0
Description: Bio-Formats versions up to and including 8.3.0 have an XML External Entity (XXE) issue in the Leica Microsystems metadata parsing component, such as XLEF. The parser uses an insecurely...

4.6 CVSS, 6.4 AI score, 0.00142 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/01/07 12:0 a.m., 8 views

WordPress plugin External Media code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

4.9 CVSS, 7 AI score, 0.00119 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/01/07 12:0 a.m., 6 views

PT-2026-1820

Name of the Vulnerable Software and Affected Versions: Knowage versions prior to 8.1.37
Description: Knowage is an analytics and business intelligence suite. Versions prior to 8.1.37 contain a blind server-side request forgery issue. This allows attackers to send requests to arbitrary hosts and...

6.5 CVSS, 6.7 AI score, 0.00163 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2026/01/07 12:0 a.m., 6 views

PT-2026-1934

Name of the Vulnerable Software and Affected Versions: LibreChat version 0.8.1-rc2
Description: LibreChat, a ChatGPT clone with additional features, is susceptible to a server-side request forgery (SSRF) issue. This occurs because of missing restrictions within the Actions feature in its default...

9.1 CVSS, 7 AI score, 0.04094 EPSS
Exploits: 1, References: 8
Patchstack
added 2026/01/06 7:58 p.m., 5 views

WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin IMGspider versions <= 2.3.12...

9.1 CVSS, 7 AI score, 0.00141 EPSS
Exploits: 0, Affected Software: 1
OSV
added 2026/01/06 5:44 p.m., 2 views

GHSA-8V65-47JX-7MFR Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability

Summary: A Server-Side Request Forgery (SSRF) vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources.
Description: The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it doe...

5.8 CVSS, 6.8 AI score, 0.00755 EPSS
Exploits: 2, References: 5
NVD
added 2026/01/06 5:15 a.m., 2 views

CVE-2025-14438

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests...

6.4 CVSS, 0.00197 EPSS
Exploits: 0, References: 5
Cvelist
added 2026/01/06 4:31 a.m., 28 views

CVE-2025-14438 Xagio SEO <= 7.1.0.30 - Authenticated (Subscriber+) Server-Side Request Forgery

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests...

6.4 CVSS, 0.00197 EPSS
Exploits: 0, References: 5