7239 matches found

CNNVD
added 2025/09/14 12:0 a.m. | 3 views

maccms10 code issue vulnerability

maccms10 is an open-source, powerful rapid site-building system from magicblack that runs in a PHP + MySQL environment. A code issue vulnerability exists in maccms10 version 2025.1000.4050, which stems from the incorrect...

CVSS: 7.2 | AI score: 5 | EPSS: 0.00318
Exploits: 0 | References: 5

CNNVD
added 2025/09/14 12:0 a.m. | 3 views

maccms10 code issue vulnerability

maccms10 is an open-source, powerful rapid site-building system from magicblack that runs in a PHP + MySQL environment. A code issue vulnerability exists in maccms10 version 2025.1000.4050, which stems from...

CVSS: 7.2 | AI score: 5.1 | EPSS: 0.00318
Exploits: 0 | References: 5

Positive Technologies
added 2025/09/14 12:0 a.m. | 5 views

PT-2025-37402

Name of the Vulnerable Software and Affected Versions: CRMEB versions prior to 5.6.1
Description: A security issue exists in CRMEB that allows for server-side request forgery. The testOutUrl function within the app/services/out/OutAccountServices.php file is affected. Manipulation of the push tok...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00297
Exploits: 0 | References: 9

NVD
added 2025/09/12 10:15 p.m. | 3 views

CVE-2025-10329

A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The...

CVSS: 9.8 | EPSS: 0.00396
Exploits: 1 | References: 5

Vulnrichment
added 2025/09/12 10:2 p.m. | 2 views

CVE-2025-10329 cdevroe unmark Marks.php server-side request forgery

A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00396
Exploits: 1 | References: 5

CVE
added 2025/09/12 10:2 p.m. | 21 views

CVE-2025-10329

CVE-2025-10329 affects cdevroe unmark up to version 1.9.3. The vulnerability resides in an unknown portion of /application/controllers/Marks.php and allows server-side request forgery by manipulating the url parameter. Exploitation can be performed remotely, and public PoCs exist. Multiple connec...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.00396
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/09/12 10:2 p.m. | 7 views

CVE-2025-10329 cdevroe unmark Marks.php server-side request forgery

A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The...

CVSS: 6.5 | EPSS: 0.00396
Exploits: 1 | References: 5

RedhatCVE
added 2025/09/12 8:47 p.m. | 10 views

CVE-2025-10211

A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit ha...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00655
Exploits: 0 | References: 1

NCSC
added 2025/09/12 3:23 p.m. | 6 views

Vulnerabilities fixed in Omnissa Workspace ONE UEM

Omnissa has fixed vulnerabilities in Omnissa Workspace ONE UEM. The vulnerabilities are located in the API endpoints of Omnissa Workspace ONE UEM. The first vulnerability allows malicious parties to gain unauthorized access to sensitive information using the Path Traversal technique. This can lea...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.19076
Exploits: 1 | References: 1

RedhatCVE
added 2025/09/12 7:11 a.m. | 12 views

CVE-2025-7843

The Auto Save Remote Images Drafts plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the fetchimages function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.0018
Exploits: 0 | References: 1

Cvelist
added 2025/09/12 6:5 a.m. | 8 views

CVE-2025-6454 Server-Side Request Forgery (SSRF) in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...

CVSS: 8.5 | EPSS: 0.00645
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/12 6:5 a.m. | 6 views

CVE-2025-6454 Server-Side Request Forgery (SSRF) in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...

CVSS: 8.5 | AI score: 6.3 | EPSS: 0.00645
Exploits: 0 | References: 3

CNNVD
added 2025/09/12 12:0 a.m. | 3 views

Unmark code issue vulnerability

Unmark is an open source to-do list application for bookmarking. A code issue vulnerability exists in Unmark 1.9.3 and earlier versions, which stems from incorrect manipulation of the parameter url in the file /application/controllers/Marks.php, which could lead to server-side request forgery. An...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00396
Exploits: 1 | References: 6

Positive Technologies
added 2025/09/12 12:0 a.m. | 6 views

PT-2025-37356

Name of the Vulnerable Software and Affected Versions: cdevroe unmark versions up to 1.9.3
Description: A vulnerability exists in cdevroe unmark up to version 1.9.3. The issue affects an unknown part of the file /application/controllers/Marks.php and allows for server-side request forgery through...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00396
Exploits: 1 | References: 9

Cvelist
added 2025/09/11 6:46 p.m. | 6 views

CVE-2025-59055 InstantCMS vulnerable to Server-Side Request Forgery via package installer

InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make any HTTP/HTTPS request via the package parameter. It is possible to make any HTTP/HTTPS...

CVSS: 4.7 | EPSS: 0.00423
Exploits: 1 | References: 2

CVE
added 2025/09/11 6:46 p.m. | 20 views

CVE-2025-59055

CVE-2025-59055 concerns InstantCMS up to version 2.17.3, where a blind SSRF vulnerability exists in the installer’s package parameter. The underlying issue allows an authenticated attacker to make arbitrary HTTP/HTTPS requests, enabling actions such as scanning internal networks, invoking local s...

CVSS: 7.2 | AI score: 6.2 | EPSS: 0.00423
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/09/11 5:29 p.m. | 2 views

CVE-2025-5005

A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/indexevent.php. The manipulation of the argument corpurl results in server-side request forgery. The attack can be launched...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00433
Exploits: 1 | References: 1

RedhatCVE
added 2025/09/11 5:29 p.m. | 2 views

CVE-2025-58977

Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds ebay-feeds-for-wordpress allows Server Side Request Forgery. This issue affects WP eBay Product Feeds: from n/a through <= 3.4.8...

CVSS: 4.9 | AI score: 5.9 | EPSS: 0.00138
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/11 4:26 p.m. | 3 views

CVE-2025-49430

Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player fwduvp allows Server Side Request Forgery. This issue affects Ultimate Video Player: from n/a through <= 10.1...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.0023
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/11 1:23 p.m. | 4 views

CVE-2025-9065

A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash...

CVSS: 8.6 | AI score: 6.7 | EPSS: 0.00431
Exploits: 0 | References: 1