CVE-2025-27652

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: rfIDEAS V-2023-015...

Vasion Print 代码问题漏洞

Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print versions prior to 22.0.862 and Application 20.0.2014 that stems from a server-side request forgery in the CPA v1 component...

Vasion Print 代码问题漏洞

Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print versions prior to 22.0.862 and Application 20.0.2014 that stems from a server-side request forgery in the Elatec component...

Vasion Print 代码问题漏洞

Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print that stems from a server-side request forgery in the rfIDEAS component...

CVE-2025-1849

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is an unknown functionality of the file /importdatatodb. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been...

CVE-2025-1848

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is an unknown function of the file /importdatacheck. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to...

CVE-2025-1833

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...

zz 代码问题漏洞

zz is an e-commerce platform for zj1983 individual developers. A code issue vulnerability exists in zz 2024-8 and prior versions, which stems from improper handling of the url parameter in the HTTP request handling component, leading to server-side request forgery...

CVE-2025-1799

A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. This affects the function previewAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument data leads to server-side request forgery. It is possible to initiate the attack...

Server-side Request Forgery (SSRF)

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the allowAbsoluteUrls attribute being ignored in the call to the buildFullPath function from the HTTP adapter. An...

WordPress plugin Better Messages 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

CVE-2025-1662

The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'urlmediauploaderurlupload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrar...

WordPress plugin URL Media Uploader 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVE-2024-13907

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. This makes it possible for authenticated attackers, with Administrator-level...

CVE-2024-13905

The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and...

WordPress plugin Total Upkeep 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

Sucms 安全漏洞

Sucms is a completely open source and free PHP+MYSQL system by China Subianji team. A security vulnerability exists in Sucms v1.0, which stems from a server-side request forgery in the adminwebgather.php component that allows access to internal data and services...

WordPress plugin OneStore Sites 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress OneStore Sites plugin <= 0.1.1 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin OneStore Sites versions = 0.1.1...

emlog 安全漏洞

emlog is a PHP and MySQL based CMS website builder by emlog's individual developers. A security vulnerability exists in emlog Pro version v2.5.4, which originates from the sort.php component and is susceptible to server-side request forgery attacks...