7223 matches found
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...
CVE-2025-30964 WordPress Photography theme < 7.7.6 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Photography photography allows Server Side Request Forgery. This issue affects Photography: from n/a through 7.7.6...
CVE-2025-26990 WordPress Royal Elementor Addons plugin <= 1.7.1006 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Server Side Request Forgery. This issue affects Royal Elementor Addons: from n/a through <= 1.7.1006...
CrushFTP security vulnerability
CrushFTP is a file transfer server from CrushFTP, Inc. A security vulnerability exists in CrushFTP that stems from vulnerability to server-side request forgery attacks...
WordPress plugin Photography code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...
Server-side Request Forgery (SSRF)
Overview: agpt is an open-source attempt to make GPT-4 autonomous. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the requests wrapper. An attacker can manipulate the request process to access unauthorized data or interact with internal services by...
Security update for pgadmin4
This update for pgadmin4 fixes the following issues: CVE-2025-27152: axios: Fixed SSRF and credential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
CVE-2025-3572
SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe the internal network and even access arbitrary local files on the server...
AutoGPT code issue vulnerability
AutoGPT is a tool from AutoGPT Open Source, used to enable everyone to use and build accessible AI. A code issue vulnerability exists in versions of AutoGPT prior to 0.6.1 that stems from a DNS rebinding issue in the request wrapper, which could lead to server-side request forgery...
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify v1.0, which stems from a server-side request forgery in the component controllers.console.remotefiles.RemoteFileUploadApi...
Intumit SmartRobot code issue vulnerability
Intumit SmartRobot is a web development framework from Intumit, Inc. A code issue vulnerability exists in Intumit SmartRobot that stems from vulnerability to server-side request forgery attacks...
Server Side Request Forgery (SSRF)
shopxo/shopxo is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs in the Email Settings feature, which allows attackers to manipulate the server into making arbitrary requests to internal or external resources...
WordPress plugin PowerPress Podcasting code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin SEO Help code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin Waymark code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress plugin IndieBlocks code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
DNN code issue vulnerability
DNN (also known as DotNetNuke) is an open source content management system (CMS) from the American company DNN, supported by Microsoft and based on the ASP.NET platform. The system is easy to install, scalable and feature-rich. DNN suffers from a code issue vulnerability that stems from bypassing known...
PT-2025-15704
Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions prior to 9.13.8. Description: A bypass has been identified for a previously known vulnerability, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal o...
AIAS code issue vulnerability
AIAS is an AI one-stop solution from Calvin Personal Developers. AIAS version 20250308 suffers from a code issue vulnerability that stems from the fact that incorrect manipulation of the parameter url can lead to server-side request forgery...
PT-2025-15357 · Unknown · Mymagicpower Aias
Name of the Vulnerable Software and Affected Versions: mymagicpower AIAS 20250308. Description: A critical issue was found in mymagicpower AIAS, affecting an unknown function of the file 2 training platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. The...