7250 matches found
WordPress Pz-LinkCard plugin server-side request forgery vulnerability
WordPress Pz-LinkCard plugin is a WordPress plugin that is mainly used to display links in the form of cards, support custom display of external and internal links, and optimize social sharing and other features. WordPress Pz-LinkCard plugin suffers from a server-side request forgery vulnerabilit...
ThingsBoard security vulnerability
ThingsBoard is a Java-based platform for IoT devices for monitoring, management, and data collection by the ThingsBoard team. A security vulnerability exists in ThingsBoard versions prior to 4.2.1 that stems from a server-side request forgery in the Image Upload Gallery feature of the dashboard,...
ILLA Builder security vulnerability
ILLA Builder is a low-code platform open-sourced by ILLA Cloud. A security vulnerability exists in ILLA Builder versions prior to v4.8.5 that stems from the API allowing arbitrary requests to be sent, which could lead to a server-side request forgery attack...
CVE-2025-11864 NucleoidAI Nucleoid Outbound Request cluster.ts extension.apply server-side request forgery
A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The...
CVE-2025-11864
CVE-2025-11864 affects NucleoidAI Nucleoid up to 0.7.10. The vulnerable element is the function extension.apply in /src/cluster.ts of the Outbound Request Handler. Manipulation of the argument https/ip/port/path/headers can lead to server-side request forgery (SSRF). The attack can be performed r...
CVE-2025-58474
When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...
Nucleoid code issue vulnerability
Nucleoid is a neural symbolic AI with a knowledge graph open-sourced by Nucleoid. A code issue vulnerability exists in Nucleoid 0.7.10 and earlier versions, which stems from incorrect manipulation of the parameter https/ip/port/path/headers of the function extension.apply of the component Outboun...
CVE-2025-60540
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...
EUVD-2025-34654
When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...
CVE-2025-10056
The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
CVE-2025-10056
CVE-2025-10056 concerns the WordPress Task Scheduler plugin. Wordfence reports a Server-Side Request Forgery (SSRF) in all versions up to and including 1.6.3, exploitable via the Check Website task. The vulnerability requires authenticated access at Administrator level or higher, and an attacker ...
CVE-2025-10056 Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery
The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
WordPress Task Scheduler plugin <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery vulnerability
Authenticated (Admin+) Blind Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Task Scheduler versions <= 1.6.3...
CVE-2025-11674
SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information...
CVE-2025-8594
The CVE-2025-8594 entry describes a server-side request forgery (SSRF) vulnerability in the WordPress plugin Pz-LinkCard, version prior to 2.5.7. The issue arises because a request parameter is not validated before being used, allowing users with Contributor privileges or higher to trigger SSRF a...
CVE-2025-8594 Pz-LinkCard < 2.5.7 - Contributor+ SSRF
The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack...
WordPress plugin Pz-LinkCard security vulnerability
WordPress Pz-LinkCard plugin is a WordPress plugin that is mainly used to display links in the form of cards, support custom display of external and internal links, and optimize social sharing and other features. WordPress Pz-LinkCard plugin suffers from a server-side request forgery vulnerabilit...
karakeep security vulnerability
karakeep is an open-source, self-hostable bookmarking application from Karakeep App. A security vulnerability exists in karakeep versions v0.26.0 through v0.7.0, which stems from vulnerability to server-side request forgery attacks...
PT-2025-42184
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...