7231 matches found
CVE-2025-10211
A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit ha...
CVE-2025-10211 yanyutao0402 ChanCMS getArticle CollectController server-side request forgery
A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit ha...
CVE-2025-10211
ChanCMS 3.3.0 contains a server-side request forgery in the CollectController, triggered by manipulating the taskUrl parameter in /cms/collect/getArticle. The issue allows remote attackers to make arbitrary requests from the server. Public disclosures and a Nuclei template detail this SSRF, descr...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23.0 and earlier. The vulnerabilities are in the way Adobe Experience Manager handles security measures. Attackers with limited privileges can exploit these vulnerabilities to perform unauthorized reads and writes, which ca...
CVE-2025-7843
CVE-2025-7843 — Auto Save Remote Images (Drafts) (WordPress) SSRF. The WordPress plugin (versions up to and including 1.0.9) is affected via fetch_images(), enabling authenticated attackers with Contributor+ privileges to make outbound requests from the web app and potentially access internal se...
WordPress plugin Auto Save Remote Images (Drafts) code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
ChanCMS code issue vulnerability
ChanCMS is a content management system. ChanCMS version 3.3.0 contains a server-side request forgery vulnerability. The vulnerability stems from the taskUrl parameter of the function CollectController in the file /cms/collect/getArticle not implementing a sufficient validation mechanism to...
PT-2025-37018
Name of the Vulnerable Software and Affected Versions: Auto Save Remote Images Drafts plugin for WordPress versions up to and including 1.0.9. Description: The Auto Save Remote Images Drafts plugin for WordPress is susceptible to a Server-Side Request Forgery (SSRF) issue. This allows authenticated...
Linux Distros Unpatched Vulnerability : CVE-2024-34580
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in...
Linux Distros Unpatched Vulnerability : CVE-2022-0425
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side...
CVE-2025-9269 Server-Side Request Forgery (SSRF) vulnerability found in embedded web server
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerabili...
CVE-2025-5005
A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/indexevent.php. The manipulation of the argument corpurl results in server-side request forgery. The attack can be launched...
CVE-2025-58977
Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds (ebay-feeds-for-wordpress) allows Server Side Request Forgery. This issue affects WP eBay Product Feeds: from n/a through <= 3.4.8...
CVE-2025-54249
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate server-side requests and bypass security controls...
WordPress WP eBay Product Feeds Plugin <= 3.4.8 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery (SSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin WP eBay Product Feeds versions <= 3.4.8...
CVE-2025-54249 Adobe Experience Manager | Server-Side Request Forgery (SSRF) (CWE-918)
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate server-side requests and bypass security controls...
CVE-2025-58977
CVE-2025-58977 describes a Server-Side Request Forgery (SSRF) in the WordPress plugin WP eBay Product Feeds by Rhys Wynne, affecting versions up to and including 3.4.8. The vulnerability allows an attacker to trigger SSRF conditions via plugin functionality as reported by Patchstack/partners and ...