7278 matches found

OSV
added 2025/12/01 6:15 a.m. | 3 views

CVE-2025-13809

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVSS 6.5 | AI score 5.3 | EPSS 0.00281
Exploits: 1 | References: 5

NVD
added 2025/12/01 6:15 a.m. | 3 views

CVE-2025-13809

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVSS 6.5 | EPSS 0.00281
Exploits: 1 | References: 5

Cvelist
added 2025/12/01 5:32 a.m. | 10 views

CVE-2025-13809 orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVSS 6.5 | EPSS 0.00281
Exploits: 1 | References: 5

CVE
added 2025/12/01 5:32 a.m. | 10 views

CVE-2025-13809

Summary: CVE-2025-13809 affects orionsec orion-ops (SSH Connection Handler) via the MachineInfoController, where manipulating arguments host/sshPort/username/password/authType can trigger server-side request forgery. The vulnerability is described across multiple sources as exploitable from remot...

CVSS 6.5 | AI score 6.1 | EPSS 0.00281
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2025/12/01 5:32 a.m. | 4 views

EUVD-2025-199957

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVSS 6.5 | AI score 5.9 | EPSS 0.00281
Exploits: 1 | References: 6

EUVD
added 2025/12/01 12:30 a.m. | 3 views

EUVD-2025-199940

A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery. T...

CVSS 6.5 | AI score 6.3 | EPSS 0.00269
Exploits: 1 | References: 6

NVD
added 2025/12/01 12:15 a.m. | 8 views

CVE-2025-13796

A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery. T...

CVSS 6.5 | EPSS 0.00269
Exploits: 1 | References: 5

OSV
added 2025/12/01 12:15 a.m. | 2 views

CVE-2025-13796

A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery. T...

CVSS 5.3 | AI score 6.8
Exploits: 0 | References: 5

Vulnrichment
added 2025/12/01 12:00 a.m. | 2 views

CVE-2025-65836

PublicCMS V5.202506.b is vulnerable to SSRF in the chat interface of SimpleAiAdminController...

AI score 6.5 | EPSS 0.00277
Exploits: 1 | References: 3

Positive Technologies
added 2025/12/01 12:00 a.m. | 3 views

PT-2025-48419

Name of the Vulnerable Software and Affected Versions: moxi159753 Mogu Blog versions up to 5.2
Description: A security issue exists in moxi159753 Mogu Blog v2. The LocalFileServiceImpl.uploadPictureByUrl function, located in the /file/uploadPicsByUrl file, is susceptible to server-side request...

CVSS 9.8 | AI score 7 | EPSS 0.00444
Exploits: 1 | References: 15

CNNVD
added 2025/12/01 12:00 a.m. | 4 views

Deco Apps Library / MCP Servers code issue vulnerability

Deco Apps Library / MCP Servers is a content management system from deco.cx open source. A code issue vulnerability exists in Deco Apps Library / MCP Servers version 0.120.1 and earlier, which stems from incorrect manipulation of the parameter url in the file website/loaders/analyticsScript.ts,...

CVSS 6.5 | AI score 6.4 | EPSS 0.00269
Exploits: 1 | References: 6

CNNVD
added 2025/12/01 12:00 a.m. | 5 views

AI Gateway code issue vulnerability

AI Gateway is an AI gateway open source by Portkey.ai. A code issue vulnerability exists in AI Gateway versions prior to 1.14.0, which stems from an SSRF vulnerability that could lead to external resource access...

CVSS 9.8 | AI score 6.6 | EPSS 0.00311
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/01 12:00 a.m. | 4 views

PT-2025-48542

Name of the Vulnerable Software and Affected Versions: PublicCMS version 5.202506.b
Description: PublicCMS version 5.202506.b is susceptible to a Server-Side Request Forgery (SSRF) condition. This issue is located within the chat interface of the SimpleAiAdminController. SSRF occurs when an applicati...

AI score 6.7 | EPSS 0.00277
Exploits: 1 | References: 6

Positive Technologies
added 2025/12/01 12:00 a.m. | 3 views

PT-2025-48413

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVSS 6.5 | AI score 6.3 | EPSS 0.00281
Exploits: 1 | References: 6

CVE
added 2025/12/01 12:00 a.m. | 15 views

CVE-2025-65836

PublicCMS V5.202506.b is vulnerable to Server-Side Request Forgery (SSRF) via the SimpleAiAdminController chat interface. Root cause details are not provided beyond the SSRF label in the chat interface. Impact is described in sources as SSRF with high severity, but no explicit exploit path or aff...

CVSS 9.1 | AI score 6.5 | EPSS 0.00277
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/11/30 11:32 p.m. | 2 views

CVE-2025-13796 deco-cx apps Parameter analyticsScript.ts AnalyticsScript server-side request forgery

A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery. T...

CVSS 6.5 | AI score 6.5 | EPSS 0.00269
Exploits: 1 | References: 5

CVE
added 2025/11/30 11:32 p.m. | 14 views

CVE-2025-13796

CVE-2025-13796 affects deco-cx apps up to 0.120.1, specifically the AnalyticsScript function in website/loaders/analyticsScript.ts of the Parameter Handler component. The issue arises from improper handling of the url argument, enabling server-side request forgery (SSRF) and remote exploitation. ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00269
Exploits: 1 | References: 5

EUVD
added 2025/11/30 3:30 p.m. | 5 views

EUVD-2025-199932

A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | AI score 6.3 | EPSS 0.00253
Exploits: 1 | References: 8

NVD
added 2025/11/30 2:16 p.m. | 3 views

CVE-2025-13789

A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | EPSS 0.00253
Exploits: 1 | References: 7

Vulnrichment
added 2025/11/30 1:32 p.m. | 3 views

CVE-2025-13789 ZenTao model.php makeRequest server-side request forgery

A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | AI score 6.5 | EPSS 0.00253
Exploits: 1 | References: 7