7223 matches found

OSV
added 2025/04/30 7:15 p.m., 5 views

CVE-2025-2170

A server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location...

CVSS 7.2, AI score 5.8, EPSS 0.00295
Exploits: 0, References: 1
CNNVD
added 2025/04/30 12:0 a.m., 1 view

SonicWALL SMA1000 security vulnerability

The SonicWALL SMA1000 is a series of secure mobile access solutions from SonicWALL USA. The SonicWALL SMA1000 suffers from a cross-site request forgery vulnerability that originates from a server-side request forgery on the interface under certain conditions, which can be exploited by an attacker...

CVSS 7.2, AI score 6.6, EPSS 0.00295
Exploits: 0, References: 2
OSV
added 2025/04/28 4:15 p.m., 2 views

CVE-2023-35817

DevExpress before 23.1.3 allows AsyncDownloader SSRF...

CVSS 9.8, AI score 5.8, EPSS 0.00313
Exploits: 0, References: 5
OSV
added 2025/04/28 9:15 a.m., 2 views

CVE-2025-4012

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...

CVSS 7.5, AI score 4.8, EPSS 0.0037
Exploits: 1, References: 4
CNNVD
added 2025/04/28 12:0 a.m., 1 view

PlayEdu code issue vulnerability

PlayEdu is an industry-leading online training solution from the China PlayEdu team. A code issue vulnerability exists in PlayEdu 1.8 and earlier versions, which stems from a server-side request forgery due to incorrect operation of the parameter Avatar in the file /api/backend/v1/user/create...

CVSS 7.5, AI score 4.4, EPSS 0.0037
Exploits: 1, References: 4
CNNVD
added 2025/04/28 12:0 a.m., 2 views

DevExpress security vulnerability

DevExpress is a software from the American company DevExpress, Inc. for providing best-in-class UI controls, tools and frameworks for WinForms, ASP.NET, MVC, Blazor, ASP.NET Core, WPF, VCL, Xamarin and JavaScript. A security vulnerability exists in DevExpress versions prior to 23.1.3, which stems...

CVSS 9.8, AI score 6.6, EPSS 0.00313
Exploits: 0, References: 6
RedhatCVE
added 2025/04/26 12:26 a.m., 13 views

CVE-2025-3787

A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

CVSS 6.5, AI score 7, EPSS 0.00368
Exploits: 1, References: 1
CNNVD
added 2025/04/26 12:0 a.m., 2 views

ChurchCRM code issue vulnerability

ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM version 5.16.0 that stems from a server-side request forgery in the Referer Handler component...

CVSS 6.3, AI score 4.8, EPSS 0.00464
Exploits: 1, References: 6
CNNVD
added 2025/04/25 12:0 a.m., 1 view

WordPress plugin ShopLentor code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.5, AI score 7.1, EPSS 0.00237
Exploits: 0, References: 4
CNNVD
added 2025/04/24 12:0 a.m., 3 views

WordPress plugin Animate code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVSS 4.9, AI score 6.3, EPSS 0.00184
Exploits: 0, References: 2
CNNVD
added 2025/04/24 12:0 a.m., 2 views

WordPress plugin WP AVCL Automation Helper (formerly WPFlyLeads) code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists...

CVSS 4.9, AI score 6.4, EPSS 0.00168
Exploits: 0, References: 2
CNNVD
added 2025/04/24 12:0 a.m., 2 views

WordPress plugin Simple Google Photos Grid code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 4.9, AI score 6.3, EPSS 0.00189
Exploits: 0, References: 2
CNNVD
added 2025/04/24 12:0 a.m., 2 views

WordPress plugin BeerXML Shortcode code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 6.4, AI score 7.2, EPSS 0.00174
Exploits: 0, References: 2
CNNVD
added 2025/04/23 12:0 a.m., 1 view

PostHog code issue vulnerability

PostHog is an all-in-one open source platform from PostHog Open Source. A code issue vulnerability exists in PostHog that stems from the lack of validation of the URI when the slackincomingwebhook parameter is processed, which could lead to server-side request forgery and information disclosure...

CVSS 7.1, AI score 6.8, EPSS 0.00546
Exploits: 0, References: 2
CNNVD
added 2025/04/23 12:0 a.m., 2 views

PostHog code issue vulnerability

PostHog is an all-in-one open source platform from PostHog Open Source. A code issue vulnerability exists in PostHog that stems from the databaseschema method implementation not validating the URI, which could lead to server-side request forgery and information disclosure...

CVSS 7.1, AI score 6.8, EPSS 0.00516
Exploits: 0, References: 2
CNNVD
added 2025/04/21 12:0 a.m., 2 views

IBM Maximo Asset Management code issue vulnerability

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

CVSS 5.4, AI score 6.8, EPSS 0.00178
Exploits: 0, References: 1
CNNVD
added 2025/04/21 12:0 a.m., 4 views

Open WebUI security vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A security vulnerability exists in Open WebUI version v0.5.16, which stems from the vulnerability of the verifyconnection function in routers/ollama.py to a server-side request forgery attack...

CVSS 3.3, AI score 6.6, EPSS 0.00187
Exploits: 1, References: 2
CNNVD
added 2025/04/18 12:0 a.m., 2 views

PbootCMS security vulnerability

PbootCMS is a PbootCMS open source content management system (CMS) for building websites for open source businesses developed using the PHP language. A security vulnerability exists in PbootCMS version 3.2.5, which stems from a server-side request forgery issue in the image processing component...

CVSS 6.5, AI score 4.3, EPSS 0.00368
Exploits: 1, References: 4
CNNVD
added 2025/04/16 12:0 a.m., 2 views

Apache HertzBeat security vulnerability

Apache HertzBeat is a tool from Apache USA that monitors various components. A security vulnerability exists in Apache HertzBeat versions prior to 1.7.0 that stems from vulnerability to server-side request forgery attacks...

CVSS 6.5, AI score 6.6, EPSS 0.00532
Exploits: 0, References: 3
CNNVD
added 2025/04/16 12:0 a.m., 2 views

Seven Bears Library CMS security vulnerability

Seven Bears Library CMS is a content management system by mirweiye individual developer. A security vulnerability exists in Seven Bears Library CMS version 2023, which stems from the Add Link Handler component being susceptible to server-side request forgery attacks...

CVSS 5.3, AI score 4.2, EPSS 0.00463
Exploits: 1, References: 4