PT-2025-34062 · Ibm · Edge Application Manager
Name of the Vulnerable Software and Affected Versions: IBM Edge Application Manager version 4.5 Description: IBM Edge Application Manager is susceptible to a server-side request forgery (SSRF) issue. An authenticated attacker may be able to send unauthorized requests from the system, potentially...
PozitifIK Pik Online Code Issue Vulnerability
PozitifIK Pik Online is an online exam application from PozitifIK, Inc. A security vulnerability exists in PozitifIK Pik Online versions prior to 3.1.5 that stems from vulnerability to server-side request forgery attacks...
PT-2025-33964 · Unknown · Pik Online
Name of the Vulnerable Software and Affected Versions: Pik Online versions prior to 3.1.5 Description: Pik Online contains a Server-Side Request Forgery (SSRF) vulnerability. This allows for Server-Side Request Forgery. Recommendations: Update Pik Online to version 3.1.5 or later...
Linux Distros Unpatched Vulnerability : CVE-2022-26499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as...
Server-side Request Forgery (SSRF)
Overview: johnbillion/wp-crontrol is a package that allows you to take control of the cron events on your WordPress website. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the wp_remote_request function. An attacker can send arbitrary HTTP requests from the...
PT-2025-33892 · WordPress · Wp Crontrol
Name of the Vulnerable Software and Affected Versions: WP Crontrol versions 1.17.0 through 1.19.1 Description: The WP Crontrol plugin for WordPress is vulnerable to Server-Side Request Forgery via the wp_remote_request function. This allows authenticated attackers with Administrator-level access...
Linux Distros Unpatched Vulnerability : CVE-2024-11168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not...
CVE-2025-54234
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs...
CVE-2025-54234
CVE-2025-54234 affects Adobe ColdFusion: SSRF allows a high-privilege authenticated attacker to cause the application to fetch arbitrary URLs, potentially enabling a limited file system read. Affected versions include ColdFusion 2025.1, 2023.13, 2021.19 and earlier; exploitation requires no user ...
CVE-2025-54234 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-27907, CVE-2025-33104, CVE-2025-36038)
Summary: IBM WebSphere Application Server (WAS) is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS has been published in security bulletins. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...
PT-2025-33671 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier Description: ColdFusion is susceptible to a Server-Side Request Forgery (SSRF) issue that may allow limited file system read access. A high-privilege authenticated attacker can exploit th...
Bottinelli Informatical Vedo Suite Server-Side Request Forgery Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. Bottinelli Informatical Vedo Suite suffers from a server-side request forgery vulnerability, which originates from the /apivedo/video/preview endpoint that do...
Linux Distros Unpatched Vulnerability : CVE-2021-39867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Reque...
Linux Distros Unpatched Vulnerability : CVE-2018-1000546
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Triplea version = 1.9.0.0.10291 contains an XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure,...
Linux Distros Unpatched Vulnerability : CVE-2019-17400
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion. CVE-2019-17400 Note that Nessus relies on the presence ...
CVE-2025-8675
Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery. This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6...
CVE-2025-8013
The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests ...