7225 matches found

CNNVD
added 2025/07/10 12:0 a.m., 2 views

Apache HTTP Server code issue vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be extended through a simple API. Apache HTTP Server has a server-side request forgery vulnerability that stems from loading mod_proxy without implementing...

CVSS 7.5, AI score 6.8, EPSS 0.00774
Exploits: 0, References: 3
CNNVD
added 2025/07/08 12:0 a.m., 1 views

Adobe ColdFusion code issue vulnerability

Adobe ColdFusion is a rapid application development platform from Adobe in the United States. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a server-side request forgery vulnerability; the vulnerability stems from the serv...

CVSS 6.2, AI score 6.6, EPSS 0.00362
Exploits: 0, References: 1
Japan Vulnerability Notes
added 2025/07/07 6:26 a.m., 4 views

Multiple vulnerabilities in Nimesa Backup and Recovery

Overview: Nimesa Backup and Recovery provided by Nimesa contains multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2025-48501; Server-side request forgery (CWE-918) - CVE-2025-53473. Kentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA. JPCERT/CC...

CVSS 9.8, AI score 7.7, EPSS 0.01307
Exploits: 0, References: 6
OSV
added 2025/07/07 2:15 a.m., 3 views

CVE-2025-7103

A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The...

CVSS 7.5, AI score 5.4
Exploits: 0, References: 4
CNNVD
added 2025/07/07 12:0 a.m., 2 views

BoyunCMS security vulnerability

BoyunCMS is an enterprise content management system from Boyun, a company in China. A security vulnerability exists in BoyunCMS 1.4.20 and earlier versions. It originates from improper handling of the component curl in the file /application/pay/controller/Index.php, which may lead to server-si...

CVSS 7.5, AI score 6.4, EPSS 0.00317
Exploits: 0, References: 4
CNNVD
added 2025/07/07 12:0 a.m., 1 views

Nimesa Backup and Recovery code issue vulnerability

Nimesa Backup and Recovery is data backup and recovery software from Nimesa of India. Nimesa Backup and Recovery has a code issue vulnerability that stems from susceptibility to a server-side request forgery attack that could send unexpected requests to an internal server...

CVSS 7.3, AI score 7.6, EPSS 0.00265
Exploits: 0, References: 3
CNNVD
added 2025/07/04 12:0 a.m., 2 views

WordPress plugin PayMaster for WooCommerce code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

CVSS 6.4, AI score 6.5, EPSS 0.00192
Exploits: 0, References: 2
CNNVD
added 2025/07/04 12:0 a.m., 2 views

WordPress plugin URL Shortener code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 5.4, AI score 6.8, EPSS 0.00161
Exploits: 0, References: 1
CNNVD
added 2025/07/04 12:0 a.m., 2 views

WordPress plugin Allmart code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

CVSS 7.2, AI score 6.8, EPSS 0.00186
Exploits: 0, References: 2
OSV
added 2025/07/02 4:15 a.m., 2 views

CVE-2025-5817

The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2wgeturls. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...

CVSS 7.2, AI score 5.8
Exploits: 0, References: 2
CNNVD
added 2025/07/02 12:0 a.m., 3 views

WordPress plugin Amazon Products to WooCommerce code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress Amazon Products to WooCommerce plugin that stems from insufficient validation of the function wcta2wgeturls, which can be...

CVSS 7.2, AI score 7, EPSS 0.00223
Exploits: 0, References: 2
BDU FSTEC
added 2025/07/02 12:0 a.m., 5 views

The vulnerability of the forumrunner component in the vBulletin commercial web forum allows a hacker to perform an SSRF attack.

The vulnerability of the forumrunner component in the vBulletin commercial web forum is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

CVSS 7.8, AI score 5.5
Exploits: 0
CNNVD
added 2025/07/01 12:0 a.m., 5 views

ZrLog security vulnerability

ZrLog is a blogging system developed in Java by the individual developer xiaochun. A security vulnerability exists in ZrLog version 3.1.5, which is caused by a server-side request forgery in the downloadUrl parameter...

CVSS 9.8, AI score 6.7, EPSS 0.00408
Exploits: 1, References: 2
OSV
added 2025/06/30 2:45 p.m., 3 views

BIT-KIBANA-2025-25012 Kibana Open Redirect

URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL...

CVSS 5.4, AI score 9.3, EPSS 0.00393
Exploits: 0, References: 2
RedHat Linux
added 2025/06/30 1:16 p.m., 4 views

org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect...

CVSS 5.3, AI score 5.7, EPSS 0.00986
Exploits: 1, References: 7
RedHat Linux
added 2025/06/30 1:16 p.m., 13 views

org.apache.kafka: Kafka Client Arbitrary File Read SSRF

A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery (SSRF) by a malicious client. Consequently,...

CVSS 7.5, AI score 7.2, EPSS 0.60841
Exploits: 2, References: 5
CNNVD
added 2025/06/30 12:0 a.m., 1 views

Akamai CloudTest code issue vulnerability

Akamai CloudTest is a suite of scalable load testing platforms from Akamai Corporation. A code issue vulnerability exists in Akamai CloudTest versions prior to 2025.06.09 that stems from vulnerability to server-side request forgery attacks...

CVSS 5.8, AI score 6.9, EPSS 0.00299
Exploits: 0, References: 3
OSV
added 2025/06/27 9:15 a.m., 2 views

CVE-2025-2940

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the argsurl parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from th...

CVSS 7.2, AI score 5.8, EPSS 0.00277
Exploits: 0, References: 5
CNNVD
added 2025/06/27 12:0 a.m., 2 views

WordPress plugin Ninja Tables – Easy Data Table Builder code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 7.2, AI score 7, EPSS 0.00277
Exploits: 0, References: 5
Snyk
added 2025/06/26 6:53 p.m., 1 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the processing of OpenID Connect tokens. An attacker can access internal network resources and potentially obtain sensitive information by submitting specially crafted tokens that trigger unauthorize...

CVSS 8.6, AI score 6.7, EPSS 0.0041
Exploits: 0, References: 2