7229 matches found
CVE-2025-49430 WordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player (fwduvp) allows Server Side Request Forgery. This issue affects Ultimate Video Player: from n/a through <= 10.1...
CVE-2025-47437 WordPress LiteSpeed Cache plugin <= 7.0.1 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache (litespeed-cache). This issue affects LiteSpeed Cache: from n/a through <= 7.0.1...
CVE-2025-47437
CVE-2025-47437 is a confirmed SSRF in the WordPress LiteSpeed Cache plugin (
CVE-2025-55139
SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal...
CVE-2025-9065
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash...
CVE-2025-9065
CVE-2025-9065 affects Rockwell Automation ThinManager®. Description: a server-side request forgery due to insufficient input sanitization allows authenticated attackers to specify external SMB paths, exposing the ThinServer service account NTLM hash. Documents consistently describe ThinManager SS...
CVE-2025-9065 Rockwell Automation ThinManager® Server-Side Request Forgery Vulnerability
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the custom object attachment fields. An attacker can induce the system to make unauthorized network requests to arbitrary external resources by creating new object entries that link to external...
GHSA-477Q-X55M-J38G Liferay Portal is vulnerable to SSRF through custom object attachment fields
A server-side request forgery (SSRF) vulnerability exists in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 that affects custom object attachment fields. This flaw...
CVE-2025-43763
A server-side request forgery (SSRF) vulnerability exists in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 that affects custom object attachment fields. This flaw...
Liferay Portal and Liferay DXP Code Issue Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
Rockwell Automation ThinManager Security Vulnerability
Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A server-side request forgery vulnerability exists in Rockwell Automation ThinManager, which stems from...
WordPress plugin LiteSpeed Cache Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress plugin WP eBay Product Feeds Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
Lexmark Security Vulnerability
Lexmark is a line of printers from Lexmark, USA. A security vulnerability exists in Lexmark that stems from the vulnerability of the embedded web server to a server-side request forgery attack, which could lead to internal network access...
Halo Security Vulnerability
Halo is a powerful and easy-to-use open source website builder from Halo Open Source. A security vulnerability exists in Halo v2.20.17 and earlier versions, which stems from a server-side request forgery that could lead to the upload of malicious files...
Nuxt Icon < 1.4.5 Server-Side Request Forgery
Nuxt Icon versions prior to 1.4.5 are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs in the icon fetching functionality. An attacker can exploit this vulnerability by providing a malicious URL that points to an internal or restricted resource,...
PT-2025-36745
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.9; Ivanti Connect Secure versions prior to 22.8R2; Ivanti Policy Secure versions prior to 22.7R1.6; Ivanti ZTA Gateway versions prior to 2.8R2.3-723; Ivanti Neurons for Secure Access versions prior t...
PT-2025-36901
Name of the Vulnerable Software and Affected Versions: Lexmark devices (affected versions not specified). Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the embedded web server of Lexmark devices. An attacker can exploit this issue to make the device send an arbitrary HTTP...