CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Veracode•added 2025/12/13 7:30 a.m.•4 views

Server-Side Request Forgery (SSRF)

libtaxii is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of an initial http:// substring in the parse method, even when the XML parser is configured with the nonetwork setting, which allows an attacker to trigger unauthorized network requests throu...

9.8CVSS8.4AI score0.0225EPSS

Exploits2References9Affected Software1

Veracode•added 2025/12/13 7:30 a.m.•4 views

Server-Side Request Forgery (SSRF)

Open WebUI is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-supplied URLs, allowing authenticated users to force the server to send HTTP requests to arbitrary destinations, which may enable access to internal services, cloud metadata...

8.5CVSS5.9AI score0.03965EPSS

Exploits1References2Affected Software1

Veracode•added 2025/12/13 5:1 a.m.•5 views

XML External Entity (XXE) Injection

Jenkins Semantic Versioning Plugin is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper validation of controller/agent messages and unrestricted parsing of attacker-controlled files containing external entities, allowing attackers controlling agent processes to...

9.8CVSS7.3AI score0.01314EPSS

Exploits0References5Affected Software1

Veracode•added 2025/12/13 4:57 a.m.•6 views

XML External Entity (XXE)

org.jenkins-ci.plugins, jdepend is vulnerable to XML External Entity XXE. The vulnerability is due to improper configuration of the XML parser that does not disable external entity processing, which allows an attacker to exploit crafted XML input to access sensitive information or perform...

7.1CVSS5.8AI score0.00292EPSS

Exploits0References3Affected Software1

CNNVD•added 2025/12/13 12:0 a.m.•1 views

WordPress plugin Emplibot 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

4.4CVSS6.7AI score0.00158EPSS

Exploits0References3

Positive Technologies•added 2025/12/13 12:0 a.m.•2 views

PT-2025-51055

The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibot call webhook with error and emplibot process zip data...

4.4CVSS5.8AI score0.00158EPSS

Patchstack•added 2025/12/12 10:32 p.m.•3 views

WordPress Emplibot plugin <= 1.0.9 - Authenticated (Admin+) Server-Side Request Forgery vulnerability

Authenticated Admin+ Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Emplibot versions = 1.0.9...

4.4CVSS6.8AI score0.00158EPSS

Exploits0References1Affected Software1

GithubExploit•added 2025/12/12 6:51 p.m.•170 views

Exploit for Improper Restriction of XML External Entity Reference in Geoserver

CVE-2025-58360: GeoServer XXE Lab Unauthenticated XML Ext...

9.8CVSS7.5AI score0.66753EPSS

Exploits4

RedhatCVE•added 2025/12/12 2:7 p.m.•5 views

CVE-2025-14516

A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. The...

6.5CVSS6.5AI score0.00388EPSS

Exploits1References1

OSV•added 2025/12/12 12:20 p.m.•2 views

OESA-2025-2819 kubernetes security update

Container cluster management. Security Fixes: A vulnerability was found in Kubernetes kube-controller-manager up to versions 1.30.14, 1.31.14, 1.32.9, 1.33.5 and 1.34.1. It has been classified as CWE-918 Server-Side Request Forgery. The web server receives a URL or similar request from an upstrea...

OSV•added 2025/12/12 12:20 p.m.•3 views

OESA-2025-2818 kubernetes security update

OSV•added 2025/12/12 12:20 p.m.•3 views

OESA-2025-2817 kubernetes security update

OSV•added 2025/12/12 12:20 p.m.•6 views

OESA-2025-2816 kubernetes security update

NVD•added 2025/12/12 8:15 a.m.•6 views

CVE-2025-10583

The WP Fastest Cache Premium plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'getservertimeajaxrequest' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web reques...

3.5CVSS0.00201EPSS

Atlassian•added 2025/12/12 7:27 a.m.•14 views

SSRF (Server-Side Request Forgery) axios Dependency in Bamboo Data Center and Server

This High severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 9.6.1, 10.0.0, 10.1.0, 10.2.0, and 11.0.0 of Bamboo Data Center and Server. This SSRF Server-Side Request Forgery vulnerability, with a CVSS Score of 7.7 and a CVSS Vector of...

8.7CVSS7AI score0.00759EPSS

Exploits1

CVE•added 2025/12/12 7:20 a.m.•12 views

CVE-2025-10583

CVE-2025-10583 — WordPress WP Fastest Cache Premium : A SSRF vulnerability via the get_server_time_ajax_request action affects WP Fastest Cache Premium versions

3.5CVSS6AI score0.00201EPSS

Cvelist•added 2025/12/12 7:20 a.m.•27 views

CVE-2025-10583 WP Fastest Cache Premium <= 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request Forgery

3.5CVSS0.00201EPSS