
7276 matches found

RedhatCVE
added 2025/11/07 12:19 a.m. | 16 views

CVE-2025-63551

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

CVSS 7.5 | AI score 7 | EPSS 0.00412
Exploits: 1 | References: 1
RedhatCVE
added 2025/11/07 12:19 a.m. | 13 views

CVE-2025-60541

A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

CVSS 7.3 | AI score 6.8 | EPSS 0.00203
Exploits: 1 | References: 1
CNNVD
added 2025/11/07 12:0 a.m. | 3 views

Parse Server Code Issue Vulnerability

Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A code issue vulnerability exists in Parse Server versions 4.2.0 through 7.5.3 and 8.0.0 through 8.3.1-alpha.1, which stems from improper handling of the uri...

CVSS 7.5 | AI score 6.7 | EPSS 0.00563
Exploits: 0 | References: 6
Tenable Nessus
added 2025/11/07 12:0 a.m. | 2 views

Lexmark Printers Server-Side Request Forgery (CVE-2023-50733)

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices.

CVSS 8.6 | AI score 6.7 | EPSS 0.00408
Exploits: 0 | References: 2
CVE
added 2025/11/06 9:7 p.m. | 10 views

CVE-2025-64327

CVE-2025-64327 affects ThinkDashboard (Go + JavaScript) and is caused by a blind SSRF in the /api/ping?url= endpoint in versions 0.6.7 and earlier. An attacker can cause the application to perform arbitrary requests to internal or external hosts, potentially revealing local network topology and o...

CVSS 5.3 | AI score 6.3 | EPSS 0.00288
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2025/11/06 9:7 p.m. | 9 views

CVE-2025-64327 ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery (SSRF) vulnerability in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVSS 5.3 | EPSS 0.00288
Exploits: 1 | References: 3
NVD
added 2025/11/06 7:15 p.m. | 3 views

CVE-2025-60541

A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

CVSS 7.3 | EPSS 0.00203
Exploits: 1 | References: 2
RedhatCVE
added 2025/11/06 7:17 a.m. | 2 views

CVE-2025-11917

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematicotestfeed function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

CVSS 6.4 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/06 7:17 a.m. | 2 views

CVE-2025-12388

The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wp_remote_request function. This makes it...

CVSS 6.4 | AI score 5.7 | EPSS 0.00188
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/06 5:31 a.m. | 2 views

CVE-2025-12560 Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we...

CVSS 4.3 | AI score 5.4 | EPSS 0.00173
Exploits: 0 | References: 2
CVE
added 2025/11/06 5:31 a.m. | 13 views

CVE-2025-12560

CVE-2025-12560 affects Blog2Social: Social Media Auto Post & Scheduler for WordPress. According to multiple sources, versions up to and including 8.6.0 are vulnerable to a Server-Side Request Forgery via the getFullContent() function, exploitable by authenticated users with Subscriber-level acces...

CVSS 4.3 | AI score 5.4 | EPSS 0.00173
Exploits: 0 | References: 2
Cvelist
added 2025/11/06 5:31 a.m. | 3 views

CVE-2025-12560 Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we...

CVSS 4.3 | EPSS 0.00173
Exploits: 0 | References: 2
EUVD
added 2025/11/06 5:31 a.m. | 2 views

EUVD-2025-37976

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we...

CVSS 5.3 | AI score 5.3 | EPSS 0.00173
Exploits: 0 | References: 3
CVE
added 2025/11/06 12:0 a.m. | 10 views

CVE-2025-60541

CVE-2025-60541 describes a Server-Side Request Forgery (SSRF) in the linshenkx prompt-optimizer, affecting versions 1.3.0 through 1.4.2. The vulnerability resides in the /api/proxy/ component and enables an attacker to scan internal resources via a crafted request. Public sources (NVD/Red Hat/EUV...

CVSS 7.3 | AI score 6.4 | EPSS 0.00203
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2025/11/06 12:0 a.m. | 2 views

WordPress plugin Blog2Social Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plug...

CVSS 5.3 | AI score 6.7 | EPSS 0.00173
Exploits: 0 | References: 2
CNNVD
added 2025/11/06 12:0 a.m. | 3 views

Prompt Optimizer Security Vulnerability

Prompt Optimizer is a prompt word optimizer by and Alchemy Time Personal Developer. A security vulnerability exists in Prompt Optimizer versions 1.3.0 through 1.4.2, which stems from a server-side request forgery in the /api/proxy component, which could allow an attacker to scan internal resource...

CVSS 7.3 | AI score 6.7 | EPSS 0.00203
Exploits: 1 | References: 3
Cvelist
added 2025/11/06 12:0 a.m. | 9 views

CVE-2025-60541

A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

EPSS 0.00203
Exploits: 1 | References: 2
Positive Technologies
added 2025/11/06 12:0 a.m. | 2 views

PT-2025-45176

Name of the Vulnerable Software and Affected Versions: Blog2Social: Social Media Auto Post & Scheduler versions prior to 8.6.1. Description: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is susceptible to a Server-Side Request Forgery issue in versions up to and including...

CVSS 5.3 | AI score 6 | EPSS 0.00173
Exploits: 0 | References: 5
CNNVD
added 2025/11/06 12:0 a.m. | 4 views

ThinkDashboard Security Vulnerability

ThinkDashboard is a lightweight, self-hosted bookmarking dashboard by the individual developer MatiasDesu. A security vulnerability exists in ThinkDashboard version 0.6.7 and earlier, which stems from a server-side request forgery vulnerability in the /api/ping?url= endpoint that could lead an...

CVSS 5.3 | AI score 6.8 | EPSS 0.00288
Exploits: 1 | References: 3
CNNVD
added 2025/11/06 12:0 a.m. | 4 views

DataEase Code Issue Vulnerability

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A code issue vulnerability exists in DataEase version 2.10.14 and versions prio...

CVSS 9.8 | AI score 6.8 | EPSS 0.00943
Exploits: 1 | References: 4