7276 matches found
CVE-2025-12962 Local Syndication <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode
The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the url parameter in the syndicate_local shortcode. This is due to the use of wp_remote_get instead of wp_safe_remote_get which lacks protections against requests to...
CVE-2025-12962
CVE-2025-12962 affects the WordPress Local Syndication plugin up to version 1.5a. The vulnerability is a Server-Side Request Forgery (SSRF) triggered via the url parameter in the [syndicate_local] shortcode. It arises from using wp_remote_get() instead of wp_safe_remote_get(), which lacks protect...
WordPress AI Engine plugin <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery vulnerability
Authenticated Editor+ Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin AI Engine versions <= 3.1.8...
WordPress WP Migrate Lite plugin <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Migrate Lite versions <= 2.7.6...
Updated apache packages fix security vulnerabilities
HTTP response splitting (CVE-2024-42516). SSRF with mod_headers setting Content-Type header (CVE-2024-43204). mod_ssl error log variable escaping (CVE-2024-47252). mod_proxy_http2 denial of service (CVE-2025-49630). mod_ssl access control bypass with session resumption (CVE-2025-23048). mod_ssl TLS upgrade attac...
CVE-2025-63408
CVE-2025-63408 affects Local Agent DVR up to version 6.6.1.0. The vulnerability is a directory traversal that enables an unauthenticated local attacker to: (1) access sensitive information, (2) trigger a server-side request forgery (SSRF), and (3) execute operating system commands. The available ...
PT-2025-47265
Name of the Vulnerable Software and Affected Versions: Local Syndication plugin for WordPress versions prior to 1.5a. Description: The Local Syndication plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF) in versions up to and including 1.5a. The issue stems from the use of wp...
PT-2025-47305
Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress versions through 3.1.8. Description: The AI Engine plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF) in all versions up to and including 3.1.8. This issue is present in the rest helpers create...
PT-2025-47295
Name of the Vulnerable Software and Affected Versions: WP Migrate Lite – WordPress Migration Made Easy plugin versions prior to 2.7.7. Description: The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is susceptible to a Blind Server-Side Request Forgery. This allows...
Desktop Alert PingAlert Server-Side Request Forgery Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a server-side request forgery vulnerability, which stems from the server not...
iSpy Agent DVR Security Vulnerability
iSpy Agent DVR is an advanced video surveillance software from iSpy. A security vulnerability exists in iSpy Agent DVR version 6.6.1.0 and prior versions, which stems from a directory traversal issue that could lead to the disclosure of sensitive information and server-side request forgery...
WordPress plugin AI Engine Code Issue Vulnerability
WordPress AI Engine plugin is a WordPress plugin that is mainly used to integrate OpenAI's ChatGPT, Microsoft Azure and other AI services into a WordPress website, providing chatbots, content generation, image generation and other features. The WordPress AI Engine plugin suffers from a server-side...
WordPress plugin WP Migrate Lite – WordPress Migration Made Easy Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin WP...
WordPress Local Syndication plugin <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode vulnerability
Authenticated Contributor+ Server-Side Request Forgery via Shortcode vulnerability discovered by Ivan Cese in WordPress Plugin Local Syndication versions <= 1.5a...
CVE-2025-37734
A flaw was found in Kibana. This vulnerability allows Server-Side Request Forgery via a forged Origin HTTP header...
CVE-2025-13174
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...
python-kdcproxy: Remote DoS via unbounded TCP upstream buffering
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
PT-2025-47167
Name of the Vulnerable Software and Affected Versions: PDFPatcher versions through 1.1.3.4663. Description: The software does not properly restrict XML external entity (XXE) references in its XML bookmark import functionality. The application utilizes .NET’s XmlDocument class without disabling externa...
RHEL 9 : python-kdcproxy (RHSA-2025:21448)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21448 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
CVE-2025-54560
A Server-Side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert versions 6.1.0.11 to 6.1.1.2, which allows probing of internal infrastructure...