7229 matches found
CVE-2025-53250
Server-Side Request Forgery (SSRF) vulnerability in Chartbeat Chartbeat chartbeat allows Server Side Request Forgery. This issue affects Chartbeat: from n/a through <= 2.0.7...
CVE-2025-54370
PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...
Linux Distros Unpatched Vulnerability : CVE-2022-1188
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all version...
Linux Distros Unpatched Vulnerability : CVE-2019-17669
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of...
CVE-2025-57822
Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has...
CVE-2025-57822 Next.js Improper Middleware Redirect Handling Leads to SSRF
Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has...
Next.js Improper Middleware Redirect Handling Leads to SSRF
A vulnerability in Next.js Middleware has been fixed in v14.2.32 and v15.4.7. The issue occurred when request headers were directly passed into NextResponse.next. In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request...
Next.js code issue vulnerability
Next.js is a React framework open-sourced by Vercel. A code issue vulnerability exists in versions of Next.js prior to 14.2.32 and 15.4.7, which stems from improper use of the next function and could lead to server-side request forgery...
PT-2025-35322
Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 14.2.32 and prior to 15.4.7. Description: Next.js is a React framework for building full-stack web applications. When the next function was used without explicitly passing the request object in self-hosted applications,...
CVE-2025-31971
AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or sensitive information...
CVE-2025-53250 WordPress Chartbeat Plugin <= 2.0.7 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Chartbeat Chartbeat allows Server Side Request Forgery. This issue affects Chartbeat: from n/a through 2.0.7...
CVE-2025-53250
CVE-2025-53250 corresponds to a Server-Side Request Forgery in the WordPress Chartbeat Plugin (versions n/a–2.0.7). The CVSS 3.1 base metrics indicate a Network attack vector, Low attack complexity, Low privileges required, no user interaction, with Confidentiality and Integrity impacts both Low ...
CVE-2025-48364
CVE-2025-48364 is a Server-Side Request Forgery (SSRF) vulnerability impacting the WordPress rajce plugin (vEnCa-X) versions n/a through 0.4.2. According to the sources, the issue affects rajce up to 0.4.2 and has a CVSS v3.1 base score of 4.9 (Network, High attack complexity, Low privileges, No ...
CVE-2025-48364 WordPress rajce plugin <= 0.4.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in vEnCa-X rajce rajce allows Server Side Request Forgery. This issue affects rajce: from n/a through <= 0.4.2...
HCL AIML Solutions for SXVersions 1 Total security vulnerability
HCL AIML Solutions for SXVersions 1 Total is an extension for intelligent services and predictive capabilities from HCL India. A security vulnerability exists in HCL AIML Solutions for SXVersions 1 Total version 1.0, which stems from improper URL validation and could lead to server-side request...
WordPress plugin Chartbeat code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress plugin rajce code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
CVE-2023-7307 Sangfor Behavior Management System XML External Entity Injection
Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language documentation) contains an XML external entity (XXE) injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity...
WordPress Solace Extra Plugin <= 1.3.2 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery (SSRF) Vulnerability discovered by Que Thanh Tuan Blue Rock in WordPress Plugin Solace Extra versions <= 1.3.2...