WordPress plugin Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

GHSA-QPR4-C339-7VQ8 Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter

Summary When using Astro's Cloudflare adapter @astrojs/cloudflare configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third-party domains to be served...

Linux Distros Unpatched Vulnerability : CVE-2019-6970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle 3.5.x before 3.5.4 allows SSRF. CVE-2019-6970 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C...

CVE-2025-9799

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...

Possible SSRF and Credential Leakage via Absolute URL in axios Requests

...

CVE-2025-55007

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...

CVE-2025-58641 WordPress Exit Intent Popup Plugin <= 1.0.1 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in kamleshyadav Exit Intent Popup exitintentpopup allows Server Side Request Forgery.This issue affects Exit Intent Popup: from n/a through = 1.0.1...

CVE-2025-58615 WordPress WP Bannerize Pro Plugin <= 1.10.0 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Server Side Request Forgery.This issue affects WP Bannerize Pro: from n/a through = 1.10.0...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhook functionality. An attacker can access internal network resources and potentially retrieve partial response data by specifying arbitrary destinations when sending webhooks. Note: This is...

CVE-2025-9821

SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal...

CVE-2025-9821

SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal...

CVE-2025-9821 SSRF via webhook function

SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal...

CVE-2025-9821

The CVE-2025-9821 relates to Mautic’s webhook feature, where the destination of webhooks is not validated, enabling SSRF when a user with webhook permissions can view webhook logs. This can allow bypassing firewalls to reach internal services and may disclose partial response data. Exploitation d...

Mautic 安全漏洞

Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic that stems from an unvalidated webhook target that could lead to server-side request...

WordPress plugin Exit Intent Popup 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

WordPress plugin WP Bannerize Pro 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A code issue...

CVE-2025-9805

A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit...

CVE-2025-9805

A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit...

CVE-2025-9805 SimStudioAI sim route.ts server-side request forgery

A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit...

CVE-2025-9805 SimStudioAI sim route.ts server-side request forgery

A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit...