7226 matches found
phproxy Security Vulnerability
phproxy is an open-source, PHP-based web proxy from PHProxy. A security vulnerability exists in phproxy 1.1.1 and earlier versions, which stems from insufficient validation of the proxurl parameter input and could lead to a server-side request forgery attack...
Eveo URVE Web Manager Security Vulnerability
Eveo URVE Web Manager is a digital signage management platform from Eveo, Poland. A security vulnerability exists in Eveo URVE Web Manager version 27.02.2025, which originates from the endpoint /internal/redirect.php that allows server-side request forgery...
Adobe ColdFusion Server-Side Request Forgery Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, a United States company. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a server-side request forgery vulnerability. The vulnerability stems from the serv...
Emby Windows Code Issue Vulnerability
Emby Windows is a media playback application for the Windows platform developed by Emby LLC that supports Windows 10, 11 and later systems. Emby Windows suffers from a server-side request forgery vulnerability that stems from the server not implementing an adequate authentication mechanism to...
CVE-2025-7787
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch...
XXL-JOB Code Issue Vulnerability
XXL-JOB is a distributed task scheduling platform developed by Xuxueli. A code issue vulnerability exists in XXL-JOB 3.1.1 and earlier versions, in which misuse of the httpJobHandler function leads to a server-side request forgery attack...
Agorum core open Security Vulnerability
Agorum core open is an enterprise content management system from Agorum, Germany. A security vulnerability exists in Agorum core open versions prior to 11.9.2 and prior to 11.10.1, which stems from mishandling of the TunnelServlet component and could lead to a server-side request forgery attack...
Apache HTTP Server Server-Side Request Forgery Vulnerability (CNVD-2025-16613)
Apache HTTP Server is an open source web server from the Apache Foundation, United States. The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that stems from loading mod_proxy without implementing...
Apache HTTP Server Server-Side Request Forgery Vulnerability (CNVD-2025-16609)
Apache HTTP Server is an open source web server from the Apache Foundation, United States. The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...
Eclipse GlassFish Code Issue Vulnerability
Eclipse GlassFish is an open source application server from the Eclipse Foundation. A code issue vulnerability exists in Eclipse GlassFish versions 6.2.5 and later, which stems from the risk of a server-side request forgery attack on specific endpoints...
Cisco Unified Intelligence Center Code Issue Vulnerability
Cisco Unified Intelligence Center is a web-based reporting platform from Cisco, United States. The platform provides reports related to business data and call center data presentation capabilities. A server-side request forgery vulnerability exists in Cisco Unified Intelligence...
SugarCRM 14.0.0 Code Injection / SSRF / File Read
SugarCRM versions 14.0.0 and below suffer from a LESS code injection vulnerability. User input passed through GET parameters to the /css/preview REST API endpoint is not properly sanitized before parsing it as LESS code. This can be exploited by remote, unauthenticated attackers to inject and...
SugarCRM Code Injection Vulnerability
SugarCRM is an open source customer relationship management (CRM) system from SugarCRM, Inc. in the United States. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales representatives...
VulnCheck KEV: CVE-2025-4581
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the...
SUSE CVE-2025-51591
A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...
DEBIAN-CVE-2025-51591
A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...
UBUNTU-CVE-2024-43394
Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server...
Schneider Electric EcoStruxure IT Data Center Expert Code Issue Vulnerability
Schneider Electric EcoStruxure IT Data Center Expert is a scalable monitoring software from Schneider Electric, France, that collects, organizes, and distributes critical device information to provide a comprehensive view of devices. A server-side request forgery vulnerability exists in Schneider...
ALPINE-CVE-2024-43394
Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server...
VulnCheck KEV: CVE-2025-6851
The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajaxblinks function which ultimately calls the checkurlstatuscode function. This makes it possible for unauthenticated attackers to make web requests to...