
7276 matches found

NVD
added 2025/11/25 6:15 p.m., 3 views

CVE-2025-33203

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service...

CVSS: 7.6, EPSS: 0.00243
Exploits: 0, References: 3

CVE
added 2025/11/25 6:10 p.m., 10 views

CVE-2025-33203

NVIDIA NeMo Agent Toolkit UI for Web is affected by a Server-Side Request Forgery in the chat API endpoint (likely /chat). The root cause is a vulnerability in the chat API that may allow an attacker to induce information disclosure and denial of service. Public documentation in connected sources...

CVSS: 7.6, AI score: 6, EPSS: 0.00243
Exploits: 0, References: 3

Cvelist
added 2025/11/25 6:10 p.m., 8 views

CVE-2025-33203

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service...

CVSS: 7.6, EPSS: 0.00243
Exploits: 0, References: 3

Vulnrichment
added 2025/11/25 6:10 p.m., 3 views

CVE-2025-33203

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service...

CVSS: 7.6, AI score: 6, EPSS: 0.00243
Exploits: 0, References: 3

Snyk
added 2025/11/25 12:4 a.m., 7 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the bypass method. An attacker can access internal network resources by leveraging a 302 redirect to bypass existing security restrictions. PoC python from flask import Flask, redirect app = Flasknam...

CVSS: 8.5, AI score: 6.8, EPSS: 0.00259
Exploits: 0, References: 2

CNNVD
added 2025/11/25 12:0 a.m., 3 views

NVIDIA NeMo Agent ToolKit code issue vulnerability

NVIDIA NeMo Agent ToolKit is an intelligences optimization toolkit from NVIDIA, Inc. A code issue vulnerability exists in NVIDIA NeMo Agent ToolKit, which stems from a server-side request forgery in the Chat API endpoint that could lead to information disclosure and denial of service...

CVSS: 7.6, AI score: 6.3, EPSS: 0.00243
Exploits: 0, References: 4

Positive Technologies
added 2025/11/25 12:0 a.m., 4 views

PT-2025-48062

Name of the Vulnerable Software and Affected Versions: NVIDIA NeMo Agent Toolkit UI for Web (affected versions not specified). Description: The software contains a Server-Side Request Forgery condition in the chat API endpoint. An attacker may exploit this to cause a Server-Side Request Forgery,...

CVSS: 7.6, AI score: 6.2, EPSS: 0.00243
Exploits: 0, References: 6

Vulnrichment
added 2025/11/24 11:56 p.m., 2 views

CVE-2025-62155 QuantumNous New API Has SSRF Bypass

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...

CVSS: 8.5, AI score: 6.5, EPSS: 0.00259
Exploits: 0, References: 1

RedhatCVE
added 2025/11/24 10:34 p.m., 2 views

CVE-2025-12800

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the sushortcodecsvtable function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00162
Exploits: 0, References: 1

Github Security Blog
added 2025/11/24 8:5 p.m., 13 views

new-api is vulnerable to SSRF Bypass

Summary: A recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successful...

CVSS: 8.5, AI score: 6.9, EPSS: 0.00259
Exploits: 0, References: 4, Affected Software: 1

Veracode
added 2025/11/24 3:55 p.m., 3 views

Server-Side Request Forgery (SSRF)

LLaMA-Factory is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the chat API’s processrequest function making unsanitized HTTP requests to user-supplied URLs, which allows an attacker to force internal/external network requests and read arbitrary files on the server...

CVSS: 8.1, AI score: 7, EPSS: 0.00342
Exploits: 1, References: 4, Affected Software: 1

Veracode
added 2025/11/24 3:37 p.m., 4 views

Server-Side Request Forgery (SSRF)

vllm is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient restrictions on user-supplied URLs in the MediaConnector class’s loadfromurl and loadfromurlasync methods, which allows an attacker to coerce the server into making arbitrary internal network requests...

CVSS: 7.1, AI score: 7.2, EPSS: 0.00226
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2025/11/24 7:16 a.m., 3 views

CVE-2025-13588

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and...

CVSS: 6.5, EPSS: 0.00218
Exploits: 0, References: 6

OSV
added 2025/11/24 7:16 a.m., 3 views

CVE-2025-13588

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and...

CVSS: 5.3, AI score: 6.7
Exploits: 0, References: 6

Vulnrichment
added 2025/11/24 6:32 a.m., 3 views

CVE-2025-13588 lKinderBueno Streamity Xtream IPTV Player proxy.php server-side request forgery

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00218
Exploits: 0, References: 6

Cvelist
added 2025/11/24 6:32 a.m., 13 views

CVE-2025-13588 lKinderBueno Streamity Xtream IPTV Player proxy.php server-side request forgery

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and...

CVSS: 6.5, EPSS: 0.00218
Exploits: 0, References: 6

EUVD
added 2025/11/24 12:30 a.m., 3 views

EUVD-2025-198591

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the sushortcodecsvtable function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make...

CVSS: 6.4, AI score: 5.3, EPSS: 0.00162
Exploits: 0, References: 3

CNNVD
added 2025/11/24 12:0 a.m., 3 views

Streamity.tv code issue vulnerability

Streamity.tv is an advanced IPTV web player by E M Individual Developer. A code issue vulnerability exists in Streamity.tv version 2.8 and earlier, which stems from a misbehavior in the file public/proxy.php and could lead to server-side request forgery...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00218
Exploits: 0, References: 7

Positive Technologies
added 2025/11/24 12:0 a.m., 4 views

PT-2025-47889

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00218
Exploits: 0, References: 7

NVD
added 2025/11/23 11:15 p.m., 1 views

CVE-2025-12800

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the sushortcodecsvtable function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make...

CVSS: 6.4, EPSS: 0.00162
Exploits: 0, References: 2