7249 matches found
CVE-2025-61735
Apache Kylin is affected by a Server-Side Request Forgery (SSRF) vulnerability in versions 4.0.0 through 5.0.2. The issue arises from insufficient authentication to verify request sources, potentially allowing an attacker to probe internal/intranet resources. The recommended remediation is to upg...
CVE-2025-61735 Apache Kylin: Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
CVE-2025-10735
The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmitFormData. This makes it possible for unauthenticated attackers to make web requests to arbitrary location...
Apache Kylin security vulnerability
Apache Kylin is an open source distributed analytical data warehouse from the Apache Foundation (United States). The product mainly provides a SQL query interface on top of Hadoop/Spark, multidimensional analysis (OLAP) and other functions. A server-side request forgery vulnerability exist...
VitaraCharts security vulnerability
VitaraCharts is a visual icon library from VitaraCharts, Inc. A security vulnerability exists in VitaraCharts version 5.3.5, which stems from a server-side request forgery in fileLoader.jsp...
Ivanti Secure Access Client security vulnerability
Ivanti Secure Access Client is a security software client from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Secure Access Client versions prior to 14.10, which originates from an attacker with administrative privileges who can issue a specially crafted test HTTP request,...
CVE-2025-57305
VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp...
PT-2025-40404
Name of the Vulnerable Software and Affected Versions: VitaraCharts version 5.3.5. Description: VitaraCharts version 5.3.5 contains a Server-Side Request Forgery issue in the fileLoader.jsp file. This allows for potentially malicious requests to be made on behalf of the server. Recommendations: At th...
PT-2025-40421
Name of the Vulnerable Software and Affected Versions: Secure Access versions prior to 14.10. Description: A server-side request forgery condition exists in Secure Access. Individuals with administrative rights can submit a specially designed HTTP request from the Secure Access server. The attack...
CVE-2025-57305
VitaraCharts 5.3.5 is vulnerable to a Server-Side Request Forgery in the fileLoader.jsp component (CVE-2025-57305). The entry notes a MEDIUM-severity risk (CVSS 3.1: 6.5) with network vector, no user interaction required, and impact limited to confidentiality and availability (C). The root cause ...
CVE-2025-20371 Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF), potentially letting an attacker perform REST API calls on...
LFI-SQLI-SSRF
🕵️♀️ Vulnerable Web Lab – Step 1: LFI Local File Inclusio...
CVE-2025-10735 Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery
The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmitFormData. This makes it possible for unauthenticated attackers to make web requests to arbitrary location...
CVE-2025-56520
Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remotefiles.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720...
WordPress plugin Block For Mailchimp code issue vulnerability
WordPress Block For Mailchimp plugin is a plugin designed for WordPress to integrate Mailchimp's email subscription feature into a website. The WordPress Block For Mailchimp plugin suffers from a server-side request forgery vulnerability that stems from the mcbSubmitFormData function not...
Splunk Cloud Platform and Splunk Enterprise code issue vulnerability
Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service. Splunk Enterprise is a suite of data collection and analytics software. Splunk Cloud Platform and Splunk Enterprise ha...
PT-2025-40059
Name of the Vulnerable Software and Affected Versions: The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress versions up to and including 1.1.12. Description: The software is susceptible to a Blind Server-Side Request Forgery issue. This allows unauthenticated attackers to...