
7222 matches found

CNNVD
added 2025/03/28 12:0 a.m. | 2 views

OneNav security vulnerability

OneNav is a bookmark management tool from OneNav, Inc. A security vulnerability exists in OneNav version 1.1.0 that stems from a server-side request forgery in a customized header...

CVSS 5.4 | AI score 6.8 | EPSS 0.00201
Exploits 1 | References 1
CNNVD
added 2025/03/28 12:0 a.m. | 7 views

maccms10 security vulnerability

maccms10 is a full-featured, powerful open-source rapid site-building system from magicblack that runs in a PHP + MySQL environment. A security vulnerability exists in maccms10 version v2025.1000.4047, which originates from a server-side request forgery in the Capture Custom Interface feature...

CVSS 9.1 | AI score 6.7 | EPSS 0.00377
Exploits 1 | References 1
CNNVD
added 2025/03/28 12:0 a.m. | 4 views

maccms10 security vulnerability

maccms10 is a full-featured, powerful open-source rapid website-building system from magicblack that runs in a PHP + MySQL environment. A security vulnerability exists in maccms10 version v2025.1000.4047, which originates from a server-side request forgery in the Add Article feature...

CVSS 9.1 | AI score 6.8 | EPSS 0.00388
Exploits 1 | References 1
Snyk
added 2025/03/27 3:31 p.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: org.apache.kylin:kylin-core-common is a package that is part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the /kylin/api/xxx/diag endpoint. An attacker can forge requests to internal services by invoking this specific API endpoint ...

CVSS 6.5 | AI score 7 | EPSS 0.00537
Exploits 0 | References 2
ATTACKERKB
added 2025/03/27 11:15 a.m. | 3 views

CVE-2025-30914

Server-Side Request Forgery (SSRF) vulnerability in Roxnor Metform metform allows Server Side Request Forgery. This issue affects Metform: from n/a through = 3.9.2...

CVSS 4.4 | AI score 7.2 | EPSS 0.00229
Exploits 0 | References 3
OSV
added 2025/03/27 4:15 a.m. | 1 views

CVE-2025-2835

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched...

CVSS 5.3 | AI score 4.8
Exploits 0 | References 5
CNNVD
added 2025/03/27 12:0 a.m. | 2 views

Apache Kylin code issue vulnerability

Apache Kylin is an open-source distributed analytical data warehouse from the Apache Foundation (United States). The product mainly provides a SQL query interface on top of Hadoop/Spark, multidimensional analysis (OLAP), and other functions. Apache Kylin suffers from a code issue...

CVSS 6.5 | AI score 7.7 | EPSS 0.00537
Exploits 0 | References 3
CNVD
added 2025/03/27 12:0 a.m. | 4 views

GPT Academic Markdown_Translate.get_files_from_everything function server-side request forgery vulnerability

GPT Academic is an interface that provides practical interaction with large language models (LLMs) such as GPT/GLM. A server-side request forgery vulnerability exists in the GPT Academic Markdown_Translate.get_files_from_everything function, which can be exploited by an attacker to cause unauthorized...

CVSS 7.7 | AI score 6.9 | EPSS 0.00574
Exploits 1 | References 1
CNNVD
added 2025/03/27 12:0 a.m. | 4 views

WordPress plugin Metform code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A code issue...

CVSS 4.4 | AI score 8.7 | EPSS 0.00229
Exploits 0 | References 2
Patchstack
added 2025/03/26 6:49 p.m. | 3 views

WordPress Zapier for WordPress plugin <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function vulnerability

Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function vulnerability discovered by shaman0x01 in WordPress Plugin Zapier for WordPress versions <= 1.5.1...

CVSS 6.4 | AI score 7.1 | EPSS 0.00272
Exploits 0 | References 1 | Affected Software 1
Amazon
added 2025/03/26 12:0 a.m. | 4 views

Medium: python3.9

Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 A...

CVSS 7.8 | AI score 7.8 | EPSS 0.0067
Exploits 0
CNNVD
added 2025/03/26 12:0 a.m. | 1 views

WordPress plugin Zapier code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A code issue...

CVSS 6.4 | AI score 8.5 | EPSS 0.00272
Exploits 0 | References 6
BDU FSTEC
added 2025/03/26 12:0 a.m. | 3 views

The vulnerability of the SmartFabric OS10 network operating system, related to insufficient validation of incoming requests, allows a hacker to execute an SSRF attack.

The vulnerability of the SmartFabric OS10 network operating system is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...

CVSS 6.8 | AI score 5.7 | EPSS 0.00414
Exploits 0 | References 6 | Affected Software 1
OSV
added 2025/03/25 11:15 a.m. | 2 views

CVE-2025-2109

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVSS 5.8 | AI score 7.4 | EPSS 0.00344
Exploits 0 | References 4
CNNVD
added 2025/03/25 12:0 a.m. | 3 views

WordPress plugin WP Compress code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A code issue...

CVSS 5.8 | AI score 8.7 | EPSS 0.00344
Exploits 0 | References 6
CNNVD
added 2025/03/25 12:0 a.m. | 1 views

B&R Industrial Automation B&R APROL code issue vulnerability

B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation of Austria. A code issue vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P5, which stems from a server-side request forgery in the APROL Web Portal that could allow a...

CVSS 5.3 | AI score 6.9 | EPSS 0.00307
Exploits 0 | References 3
CNNVD
added 2025/03/25 12:0 a.m. | 1 views

B&R Industrial Automation B&R APROL code issue vulnerability

B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation of Austria. A code issue vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P5, which stems from a server-side request forgery in the APROL Web Portal, which could allow...

CVSS 6.9 | AI score 7.1 | EPSS 0.00347
Exploits 0 | References 3
Patchstack
added 2025/03/24 8:40 a.m. | 2 views

WordPress Export and Import Users and Customers plugin <= 2.6.2 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function vulnerability

Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function vulnerability discovered by HayMiz in WordPress Plugin Import Export WordPress Users versions <= 2.6.2...

CVSS 7.6 | AI score 8.9 | EPSS 0.00359
Exploits 0 | References 1 | Affected Software 1
OSV
added 2025/03/23 3:15 p.m. | 2 views

CVE-2025-2691

Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism...

CVSS 9.1 | AI score 5.8 | EPSS 0.00339
Exploits 1 | References 1
Snyk
added 2025/03/23 10:10 a.m. | 1 views

Server-Side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism. PoC: 1. Define an app.js file with the programmatic API of nossrf as...

CVSS 9.1 | AI score 6.7 | EPSS 0.00339
Exploits 1 | References 2