7245 matches found
CVE-2025-10764
A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may b...
CVE-2025-10764 SeriaWei ZKEACMS Event Action System PendingTaskController.cs Edit server-side request forgery
A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may b...
CVE-2025-10764
CVE-2025-10764 affects SeriaWei ZKEACMS up to 4.3, specifically the Edit function in Event Action System at src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs. The vulnerability stems from manipulation of the Data argument, enabling server-side request forgery (SSRF) from remote attacke...
CVE-2025-10760
A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookuprepo.go. Executing manipulation of the argument url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be...
CVE-2025-10760 Harness lookup_repo.go LookupRepo server-side request forgery
A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookuprepo.go. Executing manipulation of the argument url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be...
CVE-2025-10760
Harness 3.3.0 is affected by a flaw in the LookupRepo function (app/api/controller/gitspace/lookup_repo.go) where manipulating the url argument can trigger server-side request forgery. The vulnerability is exploitable remotely, and published PoCs exist; vendor did not respond to disclosure per mu...
PT-2025-38655
Name of the Vulnerable Software and Affected Versions Harness version 3.3.0 Description A flaw exists in Harness that impacts the LookupRepo function within the app/api/controller/gitspace/lookup repo.go file. Manipulation of the url argument can lead to server-side request forgery, potentially...
ZKEACMS Code Issue Vulnerability
ZKEACMS is a visually designed, WYSIWYG content management system from ZKEASOFT open source. A code issue vulnerability exists in ZKEACMS 4.3 and earlier versions, which stems from a flaw in the CheckPage/Suggestions function in the SEOSuggestions component that could lead to a server-side reques...
Harness Code Issue Vulnerability
Harness is a development platform open-sourced by Harness. A code issue vulnerability exists in Harness version 3.3.0, which stems from the incorrect manipulation of the parameter url by the LookupRepo function in the file app/api/controller/gitspace/lookuprepo.go, which could lead to server-side...
ZKEACMS Code Issue Vulnerability
ZKEACMS is a visually designed, WYSIWYG content management system from ZKEASOFT open source. A code issue vulnerability exists in ZKEACMS 4.3 and earlier versions, which stems from incorrect manipulation of the parameter Data in the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.c...
PT-2025-38659
Name of the Vulnerable Software and Affected Versions SeriaWei ZKEACMS versions prior to 4.4 Description A vulnerability exists in SeriaWei ZKEACMS up to version 4.3. The issue affects the Edit function within the src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs file of the Event Acti...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in request-2.88.2.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of request-2.88.2.tgz Vulnerability Details CVEID: CVE-2023-28155 DESCRIPTION: The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol...
CVE-2025-59346
Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery SSRF vulnerability that enables users to force DragonFly2’s components to make requests to internal services that are otherwise not accessible to...
CVE-2025-26515
StorageGRID formerly StorageGRID Webscale versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant...
CVE-2025-26515 CVE-2025-26515 Server-Side Request Forgery Vulnerability in StorageGRID (formerly StorageGRID Webscale)
StorageGRID formerly StorageGRID Webscale versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant...
CVE-2025-26515
StorageGRID (formerly StorageGRID Webscale) is affected by CVE-2025-26515, a Server-Side Request Forgery (SSRF) in versions prior to 11.8.0.15 and 11.9.0.8 when Single Sign-On is not enabled. An unauthenticated attacker could change the password of any Grid Manager or Tenant Manager non-federated...
CVE-2025-57644
Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...
CVE-2025-9862
Server-Side Request Forgery SSRF vulnerability in Ghost allows an attacker to access internal resources. This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3...