The vulnerability of the data loading function from the arxiv scientific article archive in the GPT Academic machine learning application allows a hacker to perform an SSRF attack.
The vulnerability of the data loading function in the arxiv scientific article application for machine learning GPT Academic is related to insufficient verification of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
WordPress Bit Form – Contact Form plugin <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability
Authenticated (Administrator+) Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Bit Form versions <= 2.17.4...
WordPress Oshine Modules plugin < 3.3.6 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability
Unauthenticated Server Side Request Forgery (SSRF) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Oshine Modules versions 3.3.8...
imgproxy code issue vulnerability
imgproxy is a fast and secure standalone server, from an individual developer, for tweaking and converting remote images. A code issue vulnerability exists in imgproxy that stems from the presence of a server-side request forgery vulnerability against 0.0.0.0...
CVE-2024-10705
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpgdownloadfilebylink' function. This makes it possible for authenticated attackers, with editor-level access and above, to make web...
WordPress plugin Contact Form by Bit Form code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPres...
CVE-2024-11913
The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajaxpreviewlink' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web...
WordPress Chained Quiz Plugin <= 1.3.2.9 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Marek Mikita in WordPress Plugin Chained Quiz versions <= 1.3.2.9...
WordPress Comment Edit Core – Simple Comment Editing Plugin <= 3.0.33 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Marek Mikita in WordPress Plugin Comment Edit Core – Simple Comment Editing versions <= 3.0.33...
WordPress Extensions For CF7 Plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Marek Mikita in WordPress Plugin Extensions For CF7 versions <= 3.2.0...
WordPress plugin Chained Quiz code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A code issue vulnerability...
PT-2025-5515 · Kiboko · Kiboko Labs Chained Quiz
Name of the Vulnerable Software and Affected Versions: Kiboko Labs Chained Quiz versions 1.3.2.9 and earlier. Description: A Server-Side Request Forgery (SSRF) issue allows for server-side request forgery. This issue may potentially be exploited to access internal resources or conduct further attack...
PT-2025-5517 · Unknown · Dlx Plugins Comment Edit Core
Name of the Vulnerable Software and Affected Versions: DLX Plugins Comment Edit Core – Simple Comment Editing versions through 3.0.33. Description: A Server-Side Request Forgery (SSRF) issue affects the software, allowing for Server Side Request Forgery. Recommendations: For versions through 3.0.33,...
Elastic Kibana code issue vulnerability
Elastic Kibana is data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana that stems from server-side request forgery in the /api/fleet/healthcheck API, which can be used to send requests to internal endpoints...
HCL BigFix Patch Management code issue vulnerability
HCL BigFix Patch Management is a comprehensive patch management solution from HCL Corporation, USA, designed to help organizations effectively manage and deploy security and non-security patches for operating systems and applications. A security vulnerability exists in HCL BigFix Patch Management...
Kibana 8.15.0 Security Update (ESA-2024-29, ESA-2024-30)
Kibana server-side request forgery (ESA-2024-29): A server side request forgery vulnerability was identified in Kibana where the /api/fleet/healthcheck API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over https that retu...
CVE-2024-13360
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicgtroubleshootaddvector. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...
WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability discovered by shaman0x01 in WordPress Plugin GPT3 AI Content Writer versions <= 1.8.96...
Lexmark CX930 security vulnerability
The Lexmark CX930 is a large format color MFP from Lexmark USA. A security vulnerability exists in the Lexmark CX930 that originates from a server-side request forgery (SSRF) vulnerability in the Web Services feature...
Apache Ranger input validation error vulnerability
Apache Ranger is a set of architectures from the Apache USA Foundation that implement comprehensive security measures for Hadoop clusters. The product provides centralized security policy management for core enterprise security requirements such as authorization, billing, and data protection. An...