7287 matches found
Hasura GraphQL Engine 代码问题漏洞
Hasura GraphQL Engine is a very fast GraphQL server from Hasura open source. A code issue vulnerability exists in Hasura GraphQL Engine version 1.3.3, which stems from a remote schema URL injection that could lead to server-side request forgery...
PT-2025-52691
Name of the Vulnerable Software and Affected Versions Hasura GraphQL version 1.3.3 Description A server-side request forgery issue exists in Hasura GraphQL. Attackers can inject arbitrary remote schema URLs through the add remote schema endpoint. Exploitation involves sending crafted POST request...
PT-2025-52648
CVE-2025-14597 - Apache Struts SSRF CVE ID : CVE-2025-14597 Published : Dec. 20, 2025, 11:15 p.m. | 3 hours, 20 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details, such as CVSS...
WordPress 6Storage Rentals plugin <= 2.20.1 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin 6Storage Rentals versions = 2.20.1...
Server-side Request Forgery (SSRF)
Overview cowrie is a Cowrie SSH/Telnet Honeypot. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the emulation of wget and curl commands in shell mode. An attacker can cause the system to send arbitrary HTTP requests to external hosts by repeatedly invokin...
Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification
Summary A Server-Side Request Forgery SSRF vulnerability in Cowrie's emulated shell mode allows unauthenticated attackers to abuse the honeypot as an amplification vector for HTTP-based denial-of-service attacks against arbitrary third-party hosts. Details When Cowrie operates in emulated shell...
GHSA-83JG-M2PM-4JXJ Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification
Summary A Server-Side Request Forgery SSRF vulnerability in Cowrie's emulated shell mode allows unauthenticated attackers to abuse the honeypot as an amplification vector for HTTP-based denial-of-service attacks against arbitrary third-party hosts. Details When Cowrie operates in emulated shell...
CVE-2025-13999
The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2.4.0 up to, and including, 2.5.1 via the getIcyMetadata function. This makes it possible for unauthenticated attackers to make web...
CVE-2025-34452
Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery SSRF vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...
CVE-2025-68477 Langflow vulnerable to Server-Side Request Forgery
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...
CVE-2025-68477 Langflow vulnerable to Server-Side Request Forgery
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...
WordPress HTML5 Audio Player plugin 2.4.0-2.5.1 - Unauthenticated Server-Side Request Forgery vulnerability
Unauthenticated Server-Side Request Forgery vulnerability discovered by kr0d in WordPress Plugin Html5 Audio Player versions 2.4.0-2.5.1...
CVE-2025-13999
CVE-2025-13999 is active: the WordPress plugin “HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player” is affected by a Server-Side Request Forgery (SSRF) in versions 2.4.0 through 2.5.1 via getIcyMetadata(). Attackers can make the application perform web requests to arbitrary loc...
EUVD-2025-204401
Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery SSRF vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...
PT-2025-52496
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.0 Description Langflow is a tool for building and deploying AI-powered agents and workflows. The API Request component allows issuing arbitrary HTTP requests within a flow. Prior to version 1.7.0, the component...
WordPress plugin HTML5 Audio Player 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
CVE-2025-34452
Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery SSRF vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...
CVE-2025-34452 Streama Subtitle Download Path Traversal and SSRF Leading to Arbitrary File Write
Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery SSRF vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...
CVE-2025-34452
The CVE-2025-34452 entry affects Streama versions 1.10.0–1.10.5 and prior to commit b7c8767. It describes a combined path traversal and server-side request forgery (SSRF) in the subtitle download feature where user-controlled parameters form file paths and fetch remote content, enabling an authen...
CVE-2025-14277
Technical details about CVE-2025-14277 (SSRF in Prime Slider Addons for Elementor) are not publicly provided in the supplied documents; monitor for updates.