7284 matches found

Vulnrichment
added 2025/12/16 12:14 p.m. | 5 views

CVE-2025-14443 Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...

CVSS 6.4 | AI score 6 | EPSS 0.00306
Exploits: 0 | References: 3
Cvelist
added 2025/12/16 12:14 p.m. | 29 views

CVE-2025-14443 Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...

CVSS 6.4 | EPSS 0.00306
Exploits: 0 | References: 3
EUVD
added 2025/12/16 9:31 a.m. | 3 views

EUVD-2025-203556

Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery. This issue affects Kerge: from n/a through <= 4.1.3...

AI score 6.5 | EPSS 0.00176
Exploits: 0 | References: 2
Patchstack
added 2025/12/16 9:24 a.m. | 9 views

WordPress Fancy Product Designer | WooCommerce WordPress plugin <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition vulnerability

Unauthenticated Server-Side Request Forgery via Race Condition vulnerability discovered by Muhammad Zeeshan (Xib3rR4dAr) in WordPress Plugin Fancy Product Designer versions <= 6.4.8...

CVSS 6.5 | AI score 6.7 | EPSS 0.00151
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2025/12/16 9:16 a.m. | 15 views

CVE-2025-67989

Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery. This issue affects Kerge: from n/a through <= 4.1.3...

CVSS 5.4 | EPSS 0.00176
Exploits: 0 | References: 1
NVD
added 2025/12/16 9:15 a.m. | 7 views

CVE-2025-13231

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd_custom_uplod_file AJAX action. The plugin validates the URL by...

CVSS 6.5 | EPSS 0.00151
Exploits: 0 | References: 2
Microsoft CVE
added 2025/12/16 9:1 a.m. | 4 views

Portworx Half-Blind SSRF in kube-controller-manager

...

CVSS 5.8 | AI score 7 | EPSS 0.00355
Exploits: 0
Cvelist
added 2025/12/16 8:20 a.m. | 27 views

CVE-2025-13231 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd_custom_uplod_file AJAX action. The plugin validates the URL by...

CVSS 6.5 | EPSS 0.00151
Exploits: 0 | References: 2
Vulnrichment
added 2025/12/16 8:20 a.m. | 3 views

CVE-2025-13231 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd_custom_uplod_file AJAX action. The plugin validates the URL by...

CVSS 6.5 | AI score 5.7 | EPSS 0.00151
Exploits: 0 | References: 2
EUVD
added 2025/12/16 8:20 a.m. | 4 views

EUVD-2025-203530

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd_custom_uplod_file AJAX action. The plugin validates the URL by...

CVSS 6.5 | AI score 5.6 | EPSS 0.00151
Exploits: 0 | References: 3
CVE
added 2025/12/16 8:20 a.m. | 18 views

CVE-2025-13231

The WordPress Fancy Product Designer plugin (WooCommerce) is affected up to version 6.4.8 by a TOCTOU race condition in the fpd_custom_uplod_file AJAX action. The url parameter is validated with getimagesize(), then later fetched with file_get_contents(), enabling unauthenticated SSRF by serving ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00151
Exploits: 0 | References: 2
CVE
added 2025/12/16 8:12 a.m. | 8 views

CVE-2025-67989

CVE-2025-67989 – Kerge SSRF (WordPress theme) Affected software: Kerge (Personal Portfolio Resume Theme)

CVSS 5.4 | AI score 6.7 | EPSS 0.00176
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/16 8:12 a.m. | 2 views

CVE-2025-67989 WordPress Kerge theme <= 4.1.3 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery. This issue affects Kerge: from n/a through <= 4.1.3...

CVSS 5.4 | AI score 6.7 | EPSS 0.00176
Exploits: 0 | References: 1
NVD
added 2025/12/16 12:16 a.m. | 9 views

CVE-2025-66407

Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...

CVSS 5 | EPSS 0.00182
Exploits: 0 | References: 3
Packet Storm News
added 2025/12/16 12:0 a.m. | 6 views

Penetration Testing of Agentic AI: A Comparative Security Analysis across Models and Frameworks

Agentic AI introduces security vulnerabilities that traditional LLM safeguards fail to address. Although recent work by Unit 42 at Palo Alto Networks demonstrated that ChatGPT-4o successfully executes attacks as an agent that it refuses in chat mode, there is no comparative analysis in multiple...

AI score 7.7
Exploits: 0
Vulnrichment
added 2025/12/16 12:0 a.m. | 3 views

CVE-2025-52196

Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x 8.1.1417.24 allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe...

AI score 6.5 | EPSS 0.003
Exploits: 0 | References: 2
CNVD
added 2025/12/16 12:0 a.m. | 5 views

WordPress RSS Aggregator by Feedzy Code Issue Vulnerability

WordPress RSS Aggregator by Feedzy is a lightweight plugin designed for WordPress that focuses on automatically grabbing content from external RSS feeds and syndicating it to your website. WordPress RSS Aggregator by Feedzy has a code issue vulnerability that stems from the existence of a blind...

CVSS 5.8 | AI score 7.2 | EPSS 0.00223
Exploits: 0 | References: 1
CNNVD
added 2025/12/16 12:0 a.m. | 2 views

Red Hat OpenShift Code Issue Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A code issue vulnerability exists in Red Hat OpenShift that stems from a lack of IP address and network range validation, which could...

CVSS 6.4 | AI score 6.9 | EPSS 0.00306
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/16 12:0 a.m. | 3 views

PT-2025-51747

Name of the Vulnerable Software and Affected Versions: PodcastGenerator version 3.2.9. Description: The software contains a blind server-side request forgery issue that allows attackers to inject XML. This can be triggered by manipulating the shortdesc parameter in the episode upload form, enabling...

CVSS 9.8 | AI score 7 | EPSS 0.0049
Exploits: 1 | References: 9
CNNVD
added 2025/12/16 12:0 a.m. | 3 views

CTERA Portal Security Vulnerability

CTERA Portal is an enterprise-grade cloud data management platform from CTERA. A security vulnerability exists in Ctera Portal version 8.1.x, which stems from improper handling of HTML files and could lead to server-side request forgery...

CVSS 7.5 | AI score 6.5 | EPSS 0.003
Exploits: 0 | References: 2