7249 matches found
WordPress plugin Silencesoft RSS Reader code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
WeKnora code issue vulnerability
WeKnora is an LLM-based framework open-sourced by Tencent, with features such as deep document understanding, semantic retrieval and context-aware answers using the RAG paradigm. A code issue vulnerability exists in WeKnora version 0.1.0, which stems from incorrect manipulation of the parameter...
PT-2025-39515
Name of the Vulnerable Software and Affected Versions: Snow Monkey versions prior to 29.1.6. Description: The Snow Monkey theme for WordPress is susceptible to Server-Side Request Forgery (SSRF) in all versions up to and including 29.1.5. This flaw resides within the request function and allows...
PT-2025-39603
Name of the Vulnerable Software and Affected Versions: bdthemes ZoloBlocks versions through 2.3.9. Description: A Server-Side Request Forgery (SSRF) issue exists in bdthemes ZoloBlocks. This allows for Server Side Request Forgery. The issue impacts the software when using versions through 2.3.9...
Omnissa Workspace ONE UEM Multiple Vulnerabilities (OMSA-2025-0004)
The version of Workspace ONE UEM console running on the remote host is affected by multiple vulnerabilities, as follows: - Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system...
cors-anywhere vulnerable to server-side request forgery
Rob--W/cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...
CVE-2020-36851
CVE-2020-36851 affects cors-anywhere/server-side proxy configurations that run as an open proxy. The issue allows unauthenticated external users to induce the proxy to make HTTP requests to arbitrary targets (SSRF) because the proxy forwards requests and headers, enabling access to internal endpo...
Exploit for CVE-2025-51591
CVE-2025-51591 Pandoc SSRF POC A Server-Side Request Forger...
Exploit for Server-Side Request Forgery in Wkhtmltopdf
CVE-2022-35583 Pandoc SSRF POC A Server-Side Request Forgery...
CVE-2025-58962
Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio publitio allows Server Side Request Forgery. This issue affects Publitio: from n/a through <= 2.2.1...
CVE-2025-58011
Server-Side Request Forgery (SSRF) vulnerability in Alex Content Mask content-mask allows Server Side Request Forgery. This issue affects Content Mask: from n/a through <= 1.8.5.2...
CVE-2025-53461
Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf image-compare-block allows Server Side Request Forgery. This issue affects Beaf: from n/a through <= 1.6.2...
CVE-2025-36037
IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS). The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5),...
CVE-2025-10765
A security flaw has been discovered in SeriaWei ZKEACMS up to 4.3. This vulnerability affects the function CheckPage/Suggestions in the library cms-v4.3\wwwroot\Plugins\ZKEACMS.SEOSuggestions\ZKEACMS.SEOSuggestions.dll of the component SEOSuggestions. Performing manipulation results in server-sid...
CVE-2025-10760
A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookuprepo.go. Executing manipulation of the argument url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be...
CVE-2025-42907 Server-Side Request Forgery in SAP BI Platform
SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system...
CVE-2025-59527
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise serve...
CVE-2025-59527 FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise serve...
WordPress SEO Backlink Monitor plugin <= 1.8.0 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin SEO Backlink Monitor versions <= 1.8.0...