
7229 matches found

CVE
added 2025/08/25 9:48 p.m., 17 views

CVE-2025-57814

CVE-2025-57814 affects the http(s).Agent implementation in request-filtering-agent. Vulnerability: HTTPS requests to 127.0.0.1 bypass IP filtering, allowing potential access to internal HTTPS services and bypass of SSRF protection when user-supplied URLs are used. HTTP requests are blocked as int...

6.9 CVSS, 6.5 AI score, 0.00427 EPSS
Exploits: 0, References: 2

OSV
added 2025/08/25 9:48 p.m., 3 views

GHSA-PW25-C82R-75MM request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1

request-filtering-agent versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. Impact: Vulnerable patterns (requests that should be blocked but are allowed): - https://127.0.0.1:443/api -...

6.9 CVSS, 6.4 AI score, 0.00427 EPSS
Exploits: 0, References: 4

OSV
added 2025/08/25 7:15 p.m., 3 views

CVE-2025-9414

A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request forgery. Remote...

4.9 CVSS, 6.4 AI score
Exploits: 0, References: 4

Vulnrichment
added 2025/08/25 6:32 p.m., 2 views

CVE-2025-9414 kalcaddle kodbox Download from Link serverDownload server-side request forgery

A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request forgery. Remote...

5.8 CVSS, 7.1 AI score, 0.00277 EPSS
Exploits: 0, References: 4

OSV
added 2025/08/25 3:15 p.m., 3 views

CVE-2024-46413

Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method...

5.1 CVSS, 7.3 AI score
Exploits: 0, References: 2

Snyk
added 2025/08/25 2:42 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the setPath method of the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class, where a user...

8.7 CVSS, 6.9 AI score, 0.00741 EPSS
Exploits: 0, References: 2

OSV
added 2025/08/25 2:32 p.m., 2 views

GHSA-RX7M-68VC-PPXH PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

Product: PhpSpreadsheet; Version: 3.8.0; CWE-ID: CWE-918: Server-Side Request Forgery (SSRF); CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N; Description: SSRF occurs when a processed HTML document is read and...

8.7 CVSS, 6.3 AI score, 0.00741 EPSS
Exploits: 0, References: 9

NVD
added 2025/08/25 2:15 p.m., 4 views

CVE-2025-54370

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

8.7 CVSS, 0.00741 EPSS
Exploits: 0, References: 6

Vulnrichment
added 2025/08/25 2:8 p.m., 2 views

CVE-2025-54370 PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

8.7 CVSS, 6.8 AI score, 0.00741 EPSS
Exploits: 0, References: 6

OSV
added 2025/08/25 2:8 p.m., 3 views

CVE-2025-54370 PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

8.7 CVSS, 6.6 AI score, 0.00741 EPSS
Exploits: 0, References: 8

RedhatCVE
added 2025/08/25 6:18 a.m., 4 views

CVE-2025-7813

The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxyimage function. This makes it possible for unauthenticated attackers to make web requests to...

7.2 CVSS, 7 AI score, 0.00274 EPSS
Exploits: 0, References: 1

OSV
added 2025/08/25 2:15 a.m., 2 views

CVE-2025-9402

A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carri...

7.2 CVSS, 5.4 AI score
Exploits: 0, References: 5

NVD
added 2025/08/25 2:15 a.m., 4 views

CVE-2025-9402

A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carri...

7.2 CVSS, 0.00333 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2025/08/25 1:32 a.m., 3 views

CVE-2025-9402 HuangDou UTCMS Config update.php server-side request forgery

A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carri...

5.8 CVSS, 7 AI score, 0.00333 EPSS
Exploits: 0, References: 5

CVE
added 2025/08/25 1:32 a.m., 16 views

CVE-2025-9402

CVE-2025-9402 affects HuangDou UTCMS 9, specifically the Config Handler’s file app/modules/ut-frame/admin/update.php. Root cause: manipulation of the UPDATEURL argument enables server-side request forgery (SSRF). Impact: remote exploitation with potential compromise of affected systems; exploit p...

7.2 CVSS, 4.8 AI score, 0.00333 EPSS
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2025/08/25 12:0 a.m., 13 views

CVE-2024-46413

CVE-2024-46413 concerns Rebuild v3.7.7, where the SSRF vulnerability is triggered via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex function. The issue originates in the RBStoreController loadDataIndex path and exposes the system to server-side requests t...

5.1 CVSS, 7.6 AI score, 0.0025 EPSS
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2025/08/25 12:0 a.m., 1 view

UTCMS Code Issue Vulnerability

UTCMS is a content management system built on the UT framework by the individual developer of usaltool. A code issue vulnerability exists in UTCMS version 9, which originates from a server-side request forgery of the UPDATEURL parameter in file app/modules/ut-frame/admin/update.php...

7.2 CVSS, 5.2 AI score, 0.00333 EPSS
Exploits: 0, References: 5

CNNVD
added 2025/08/25 12:0 a.m., 1 view

PhpSpreadsheet Code Issue Vulnerability

PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A code issue vulnerability exists in PhpSpreadsheet versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and prior to 5.0.0, which stems from a server-side request forgery during HTML document processing...

8.7 CVSS, 7.7 AI score, 0.00741 EPSS
Exploits: 0, References: 8

CNNVD
added 2025/08/25 12:0 a.m., 3 views

request-filtering-agent Code Issue Vulnerability

request-filtering-agent is an application by azu Personal Developers. A code issue vulnerability exists in request-filtering-agent version 1.x.x and prior versions that stems from HTTPS requests bypassing IP address filtering, which could lead to accessing internal services bypassing SSRF...

6.9 CVSS, 6.7 AI score, 0.00427 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/08/25 12:0 a.m., 2 views

kodbox Code Issue Vulnerability

kodbox is a web file manager by warlee individual developer. A code issue vulnerability exists in kodbox version 1.61, which stems from a server-side request forgery due to incorrect manipulation of the parameter url in the file /?explorer/upload/serverDownload...

5.8 CVSS, 5.1 AI score, 0.00277 EPSS
Exploits: 0, References: 5