7257 matches found

Patchstack
added 2025/10/15 12:40 a.m. | 6 views

WordPress Task Scheduler plugin <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery vulnerability

Authenticated Admin+ Blind Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Task Scheduler versions <= 1.6.3...

4.4 CVSS | 7.1 AI score | 0.00217 EPSS
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2025/10/14 8:54 a.m. | 4 views

CVE-2025-11674

SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information...

6.9 CVSS | 6.9 AI score | 0.00326 EPSS
Exploits 0 | References 1

CVE
added 2025/10/14 6:0 a.m. | 14 views

CVE-2025-8594

The CVE-2025-8594 entry describes a server-side request forgery (SSRF) vulnerability in the WordPress plugin Pz-LinkCard, versions prior to 2.5.7. The issue arises because a request parameter is not validated before being used, allowing users with Contributor privileges or higher to trigger SSRF a...

3.8 CVSS | 6.3 AI score | 0.00177 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/10/14 6:0 a.m. | 2 views

CVE-2025-8594 Pz-LinkCard < 2.5.7 - Contributor+ SSRF

The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack...

6.3 AI score | 0.00177 EPSS
Exploits 0 | References 1

CNNVD
added 2025/10/14 12:0 a.m. | 3 views

WordPress plugin Pz-LinkCard security vulnerability

WordPress Pz-LinkCard plugin is a WordPress plugin that is mainly used to display links in the form of cards, support custom display of external and internal links, and optimize social sharing and other features. WordPress Pz-LinkCard plugin suffers from a server-side request forgery vulnerabilit...

3.8 CVSS | 6.8 AI score | 0.00177 EPSS
Exploits 0 | References 1

CNNVD
added 2025/10/14 12:0 a.m. | 2 views

karakeep security vulnerability

karakeep is an open-source, self-hostable bookmarking application from Karakeep App. A security vulnerability exists in karakeep versions v0.26.0 through v0.7.0, which stems from the application being vulnerable to server-side request forgery attacks...

6.5 CVSS | 6.8 AI score | 0.0034 EPSS
Exploits 0 | References 3

Positive Technologies
added 2025/10/14 12:0 a.m. | 3 views

PT-2025-42184

karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...

7.3 AI score | 0.0034 EPSS
Exploits 0 | References 3

Vulnrichment
added 2025/10/14 12:0 a.m. | 1 views

CVE-2025-60540

karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...

6.9 AI score | 0.0034 EPSS
Exploits 0 | References 2

Cvelist
added 2025/10/14 12:0 a.m. | 7 views

CVE-2025-60540

karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...

0.0034 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/10/13 10:23 p.m. | 5 views

CVE-2025-11648

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TFFQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed from remote. Attacks of this nature are high...

7.4 CVSS | 5.4 AI score | 0.00416 EPSS
Exploits 1 | References 1

EUVD
added 2025/10/13 9:30 a.m. | 4 views

EUVD-2025-34045

SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information...

6.9 CVSS | 6.5 AI score | 0.00326 EPSS
Exploits 0 | References 3

NVD
added 2025/10/13 8:15 a.m. | 5 views

CVE-2025-11674

SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information...

6.9 CVSS | 0.00326 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/10/13 7:44 a.m. | 2 views

CVE-2025-11674 PiExtract|SOOP-CLM - Server-Side Request Forgery

SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information...

6.9 CVSS | 6.6 AI score | 0.00326 EPSS
Exploits 0 | References 2

Cvelist
added 2025/10/13 7:44 a.m. | 7 views

CVE-2025-11674 PiExtract|SOOP-CLM - Server-Side Request Forgery

SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information...

6.9 CVSS | 0.00326 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/10/13 5:29 a.m. | 3 views

CVE-2025-31993

HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server...

3.5 CVSS | 6.9 AI score | 0.00217 EPSS
Exploits 0 | References 1

GithubExploit
added 2025/10/13 4:39 a.m. | 438 views

Exploit for Server-Side Request Forgery in Apache Kafka

Apache Kafka 4.1.0 with Keycloak OAuth2 Authentication Produc...

7.5 CVSS | 7.4 AI score | 0.60841 EPSS
Exploits 2

EUVD
added 2025/10/13 12:30 a.m. | 4 views

EUVD-2025-33913

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TFFQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed from remote. Attacks of this nature are high...

6.3 CVSS | 5.8 AI score | 0.00416 EPSS
Exploits 1 | References 5

CNVD
added 2025/10/13 12:0 a.m. | 3 views

WordPress Block For Mailchimp plugin server-side request forgery vulnerability

WordPress Block For Mailchimp plugin is a plugin designed for WordPress to integrate Mailchimp's email subscription feature into a website. The WordPress Block For Mailchimp plugin suffers from a server-side request forgery vulnerability that stems from the mcbSubmitFormData function not...

4 CVSS | 6.9 AI score | 0.00278 EPSS
Exploits 0 | References 1

VulnCheck KEV
added 2025/10/13 12:0 a.m. | 12 views

VulnCheck KEV: CVE-2023-27163

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/name. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

6.5 CVSS | 5.7 AI score | 0.07497 EPSS
In wild | Exploits 29 | References 40

CNNVD
added 2025/10/13 12:0 a.m. | 3 views

PiExtract SOOP-CLM code issue vulnerability

PiExtract SOOP-CLM is a cost-effective, enterprise-grade, centralized log management solution from China Xinyan PiExtract. A code issue vulnerability exists in PiExtract SOOP-CLM, which stems from vulnerability to server-side request forgery attacks that could result in reading server files or...

6.9 CVSS | 7 AI score | 0.00326 EPSS
Exploits 0 | References 2