7229 matches found
WordPress WP Crontrol plugin 1.17.0-1.19.1 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability
Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Crontrol versions 1.17.0-1.19.1...
WordPress plugin WP Crontrol code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
ROS-20250822-23
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks. A vulnerability in t...
CVE-2025-43747
A server-side request forgery (SSRF) vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by changing the domain and bypassing the validation method, this insecure validation i...
CVE-2025-43747
The CVE-2025-43747 entry documents a server‑side request forgery (SSRF) in Liferay DXP 2025.Q2.0–2025.Q2.3 caused by insecure domain validation on analytics.cloud.domain.allowed, which permits an attacker to craft requests by altering the domain and bypasses the validation mechanism that does not...
Exploit for CVE-2025-60738
ilevia-EVE-X1-Server ilevia-EVE-X1-Server rce poc;ssrf Aff...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to empty request bodies not being properly rejected. An attacker can cause users to perform unintended actions by tricking them into clicking malicious links through post actions. Remediation: Upgrade...
GHSA-VQWH-5JHH-VC9P Mattermost Server SSRF Vulnerability via the Agents Plugin
Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...
CVE-2025-27217
The CVE-2025-27217 entry concerns a Server-Side Request Forgery (SSRF) in the UISP Application. Affected software: UISP Application. Vulnerability: SSRF allowing a user with certain permissions to make requests outside the UISP scope. Root cause: SSRF vulnerability within the UISP Application; imp...
Ubiquiti UISP Application security vulnerability
Ubiquiti UISP Application is an application used by Ubiquiti USA to manage and configure its network devices. A security vulnerability exists in the Ubiquiti UISP Application that originates from server-side request forgery and could result in out-of-scope requests...
Liferay DXP code issue vulnerability
Liferay DXP is a suite of digital experience collaboration platforms from Liferay USA. A code issue vulnerability exists in Liferay DXP versions 2025.Q2.0 through 2025.Q2.3, which stems from insecure validation of analytics.cloud.domain.allowed domain names, which could lead to a server-side...
PT-2025-34298 · Liferay · Liferay Dxp
Name of the Vulnerable Software and Affected Versions: Liferay DXP versions 2025.Q2.0 through 2025.Q2.3. Description: A server-side request forgery (SSRF) vulnerability exists due to insecure domain validation on analytics.cloud.domain.allowed. This allows an attacker to perform requests by changing...
PT-2025-34176 · Ubiquiti · Uisp Application
Name of the Vulnerable Software and Affected Versions: UISP Application, affected versions not specified. Description: A Server-Side Request Forgery (SSRF) exists in the UISP Application. This issue may allow a malicious actor with certain permissions to make requests outside of the application’s...
Linux Distros Unpatched Vulnerability : CVE-2023-6195
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from...
CVE-2025-1142
IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-1142 IBM Edge Application Manager server-side request forgery
IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-1142
Summary: CVE-2025-1142 affects IBM Edge Application Manager 4.5. The Red Hat, NVD, and IBM bulletin entries corroborate a server-side request forgery (SSRF) vulnerability in IBM Edge Application Manager 4.5, enabling an authenticated attacker to issue unauthorized requests from the vulnerable sys...