7229 matches found
PT-2025-36768
Name of the Vulnerable Software and Affected Versions: FWDesign Ultimate Video Player versions through 10.1. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in FWDesign Ultimate Video Player, allowing Server Side Request Forgery. Recommendations: At the moment, there is no...
CVE-2025-44594
halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url...
PT-2025-36729
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinManager® (affected versions not specified). Description: A server-side request forgery issue exists in Rockwell Automation ThinManager® software due to insufficient input sanitization. Authenticated attackers can exploit...
Metabase < 0.44.5
The version of Metabase installed on the remote host is prior to 0.44.5. It is, therefore, affected by a vulnerability. The url parameter of the /api/geojson endpoint in Metabase versions < 0.44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented b...
CVE-2025-43763
A server-side request forgery (SSRF) vulnerability exists in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 that affects custom object attachment fields. This flaw...
CVE-2025-10096
A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...
CVE-2025-10096
The CVE-2025-10096 issue affects SimStudioAI sim versions up to 1.0.0, with the vulnerability residing in the file apps/sim/app/api/files/parse/route.ts. By manipulating the filePath argument, an attacker could trigger a server-side request forgery (SSRF) remotely. Public exploitation has been di...
CVE-2025-10096 SimStudioAI sim route.ts server-side request forgery
A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...
Sim Studio code issue vulnerability
Sim Studio is an open-source AI agent workflow builder. A code issue vulnerability exists in Sim Studio 1.0.0 and prior versions, which stems from incorrect handling of the parameter filePath that could lead to server-side request forgery...
WordPress Ditty Plugin < 3.1.58 is vulnerable to Server Side Request Forgery (SSRF)
Software: Ditty; Type: Plugin; Vulnerable versions: < 3.1.58; Fixed in: 3.1.58; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2025-8085; Patch priority: Medium; CVSS severity: Medium (7.2); PSID: 6412178a9851; Credits: Dmitrii Ignatyev; Required privilege...
PT-2025-36527
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.131; Liferay DXP versions 2024.Q1.1 through 2024.Q1.20; Liferay DXP versions 2024.Q2.0 through 2024.Q2.13; Liferay DXP versions 2024.Q3.0 through 2024.Q3.13; Liferay DXP versions 2024.Q4.0 through...
CVE-2025-58829
Server-Side Request Forgery (SSRF) vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One ai-auto-tool allows Server Side Request Forgery. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One: from n/a through <= 2.3.3...
CVE-2025-58615
Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Server Side Request Forgery. This issue affects WP Bannerize Pro: from n/a through <= 1.10.0...
CVE-2025-58641
Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup exitintentpopup allows Server Side Request Forgery. This issue affects Exit Intent Popup: from n/a through <= 1.0.1...
CVE-2025-58829
CVE-2025-58829 affects WordPress plugin Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One, with SSRF in versions n/a up to 2.2.6. Root cause is SSRF exposure within the plugin’s handling of external requests. Public references indicate the vulnerability remains unpatched ...
CVE-2025-58829 WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One plugin <= 2.3.3 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One ai-auto-tool allows Server Side Request Forgery. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One: from n/a through <= 2.3.3...
WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One plugin <= 2.3.3 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One versions <= 2.3.3...