CVE-2025-59155
The HackMD MCP server (hackmd-mcp) is affected by a Server-Side Request Forgery (SSRF) in HTTP transport mode from version 1.4.0 up to 1.5.0. The vulnerability stems from inadequate validation of arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON qu...
CVE-2025-10471 ZKEACMS MediaController.cs Proxy server-side request forgery
A vulnerability was detected in ZKEACMS 4.3. The function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs is affected. Manipulation of the argument url results in server-side request forgery. The attack can be launched remotely. The exploit is now public and may...
CVE-2025-10471
ZKEACMS 4.3 is affected by a server-side request forgery in the Proxy function of src/ZKEACMS/Controllers/MediaController.cs. Manipulating the url argument enables remote exploitation, and public exploits exist. Impact is SSRF with potential access to internal resources; CVSS specifics vary by so...
CVE-2025-58045
DataEase (DataEase Open Source) contains a JDBC URL injection vulnerability affecting DB2 and MongoDB data source configuration handlers. In versions up to 2.10.13, when extraParams is empty, the HOSTNAME, PORT, and DATABASE values are concatenated into the JDBC URL without filtering illegal para...
CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...
CVE-2025-10453
O'View MapServer developed by PilotGaea Technologies has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network...
CVE-2025-10453
CVE-2025-10453 affects O’View MapServer by PilotGaea Technologies. The connected sources confirm a Server-Side Request Forgery (SSRF) vulnerability that can be exploited by unauthenticated remote attackers to probe internal networks. The root cause is SSRF within the MapServer component, enabling...
CVE-2025-10453 PilotGaea Technologies|O'View MapServer - Server-Side Request Forgery
O'View MapServer developed by PilotGaea Technologies has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network...
DataEase security vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase 2.10.12 and earlier versions, whic...
PT-2025-37719
Name of the Vulnerable Software and Affected Versions: Dataease versions up to 2.10.12 Description: Dataease is an open source data analytics and visualization platform. A patch intended to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The lda...
PT-2025-39072
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.6; Flowise version 3.0.5 Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the /api/v1/fetch-links endpoint of the Flowise application. This allows an attacker to use the Flowise server as a...
PT-2025-37454
Name of the Vulnerable Software and Affected Versions: O'View MapServer affected versions not specified Description: O'View MapServer developed by PilotGaea Technologies contains a Server-Side Request Forgery vulnerability. This allows unauthenticated remote attackers to probe internal networks...
PilotGaea OView MapServer code issue vulnerability
PilotGaea OView MapServer is Geographic Information System (GIS) map server software from PilotGaea in Taiwan, China. A code issue vulnerability exists in PilotGaea OView MapServer that can be exploited by an unauthenticated, remote attacker to probe the internal network using a server-side...
ZKEACMS code issue vulnerability
ZKEACMS is an open source, visually designed, WYSIWYG content management system from ZKEASOFT. A code issue vulnerability exists in ZKEACMS version 4.3, which stems from improper handling of the parameter url in the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs, whi...
HackMD MCP Server code issue vulnerability
HackMD MCP Server is a Model Context Protocol server by the individual developer yuna0x0. A code issue vulnerability exists in hackmd-mcp version 1.4.0 up to and including version 1.5.0, which stems from not validating the Hackmd-Api-Url header or the base64-encoded JSON query parameter in HTTP transport mod...
PT-2025-37732
Name of the Vulnerable Software and Affected Versions: hackmd-mcp versions 1.4.0 through 1.4.9 Description: hackmd-mcp is a Model Context Protocol server that integrates HackMD's note-taking platform with AI assistants. A server-side request forgery SSRF vulnerability exists in the HTTP transport...
CVE-2025-10329
A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The...
CVE-2025-10410
A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed...
CVE-2025-10410 SourceCodester Link Status Checker index.php server-side request forgery
A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed...
CVE-2025-10410
CVE-2025-10410 affects SourceCodester Link Status Checker 1.0, specifically the code in index.php where manipulating the proxy argument enables server-side request forgery (SSRF). Multiple feeds confirm remote initiation and public disclosure of the exploit. The primary affected component is the ...