
7229 matches found

Cvelist
added 2025/08/25 12:0 a.m. · 6 views

CVE-2024-46413

Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreControllerloadDataIndex method...

0.0025 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2025/08/25 12:0 a.m. · 3 views

PT-2025-34583 · Unknown · Huangdou Utcms Version 9

Name of the Vulnerable Software and Affected Versions: HuangDou UTCMS version 9 Description: A server-side request forgery issue exists due to manipulation of the UPDATEURL argument within the app/modules/ut-frame/admin/update.php file of the Config Handler component. This allows for remote...

5.8 CVSS · 7.1 AI score · 0.00333 EPSS
Exploits: 0 · References: 8
Vulnrichment
added 2025/08/25 12:0 a.m. · 1 view

CVE-2024-46413

Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreControllerloadDataIndex method...

6.9 AI score · 0.0025 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2025/08/25 12:0 a.m. · 2 views

PT-2025-34653 · Unknown · Rebuild 3.7.7

Name of the Vulnerable Software and Affected Versions: Rebuild version 3.7.7 Description: The software contains a Server-Side Request Forgery (SSRF) issue. This occurs through the type parameter within the com.rebuild.web.admin.rbstore.RBStoreControllerloadDataIndex function. Recommendations: Updat...

5.1 CVSS · 6.6 AI score · 0.0025 EPSS
Exploits: 1 · References: 4
Tenable Nessus
added 2025/08/25 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-9066

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. CVE-2017-9066 Note that Nessus relies on the presence o...

8.6 CVSS · 7.7 AI score · 0.03668 EPSS
Exploits: 0 · References: 2
CVE
added 2025/08/24 10:2 p.m. · 12 views

CVE-2025-9395

CVE-2025-9395 affects wangsongyan wblog 0.0.1. The vulnerability is in RestorePost of backup.go, where manipulation of the fileName parameter enables server-side request forgery (SSRF). It is remotely exploitable and an exploit is publicly available. Connected documents corroborate the issue and ...

6.5 CVSS · 7 AI score · 0.0024 EPSS
Exploits: 0 · References: 5
Cvelist
added 2025/08/24 10:2 p.m. · 11 views

CVE-2025-9395 wangsongyan wblog backup.go RestorePost server-side request forgery

A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be use...

6.5 CVSS · 0.0024 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2025/08/24 12:0 a.m. · 4 views

PT-2025-34573 · Unknown · Wangsongyan Wblog

Name of the Vulnerable Software and Affected Versions: wangsongyan wblog version 0.0.1 Description: A vulnerability exists in the RestorePost function of the backup.go file, allowing for server-side request forgery (SSRF) through manipulation of the fileName argument. This issue is remotely...

6.5 CVSS · 6.2 AI score · 0.0024 EPSS
Exploits: 0 · References: 9
Tenable Nessus
added 2025/08/24 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2016-7964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to...

8.6 CVSS · 7.8 AI score · 0.0181 EPSS
Exploits: 1 · References: 3
NVD
added 2025/08/23 6:15 a.m. · 3 views

CVE-2025-7813

The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxyimage function. This makes it possible for unauthenticated attackers to make web requests to...

7.2 CVSS · 0.00274 EPSS
Exploits: 0 · References: 4
Cvelist
added 2025/08/23 5:48 a.m. · 8 views

CVE-2025-7813 Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery

The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxyimage function. This makes it possible for unauthenticated attackers to make web requests to...

7.2 CVSS · 0.00274 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2025/08/23 5:48 a.m. · 1 view

CVE-2025-7813 Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery

The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxyimage function. This makes it possible for unauthenticated attackers to make web requests to...

7.2 CVSS · 7 AI score · 0.00274 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2025/08/23 12:23 a.m. · 6 views

CVE-2025-27217

A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope...

9.1 CVSS · 7.2 AI score · 0.00331 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/08/22 2:31 p.m. · 2 views

CVE-2025-54924

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint...

7.5 CVSS · 7 AI score · 0.00421 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/08/22 2:31 p.m. · 4 views

CVE-2025-54925

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url...

7.5 CVSS · 7 AI score · 0.00421 EPSS
Exploits: 0 · References: 1
IBM Security Bulletins
added 2025/08/22 12:52 p.m. · 6 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Kafka (CVE-2025-27817, CVE-2025-27818 & CVE-2025-27819)

Summary: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Deserialization of Untrusted Data and Server-Side Request Forgery (SSRF) due to Apache Kafka. Vulnerability Details: CVEID: CVE-2025-27818 DESCRIPTION: A possible security vulnerability has been identified in Apache...

8.8 CVSS · 8.3 AI score · 0.60841 EPSS
Exploits: 2 · Affected Software: 2
RedhatCVE
added 2025/08/22 8:31 a.m. · 4 views

CVE-2025-5260

Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery. This issue affects Pik Online: before 3.1.5...

8.6 CVSS · 5.4 AI score · 0.00261 EPSS
Exploits: 0 · References: 1
NVD
added 2025/08/22 8:15 a.m. · 10 views

CVE-2025-8678

The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wp_remote_request' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...

5.9 CVSS · 0.00323 EPSS
Exploits: 0 · References: 3
CVE
added 2025/08/22 7:24 a.m. · 31 views

CVE-2025-8678

The CVE-2025-8678 entry concerns the WordPress WP Crontrol plugin. Affected versions 1.17.0–1.19.1 expose a blind Server-Side Request Forgery via wp_remote_request() that can be exploited by authenticated administrators or higher to issue web requests from the WordPress host to arbitrary external...

5.9 CVSS · 5.3 AI score · 0.00323 EPSS
Exploits: 0 · References: 3
Cvelist
added 2025/08/22 7:24 a.m. · 9 views

CVE-2025-8678 WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery

The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wp_remote_request' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...

5.9 CVSS · 0.00323 EPSS
Exploits: 0 · References: 3