9239 matches found

Patchstack
added 2025/12/31 5:2 p.m. | 10 views

WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Bonds in WordPress Plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions <= 1.0.7...

CVSS 5.4 | AI score 6.8 | EPSS 0.00174
Exploits 0 | Affected Software 1

Positive Technologies
added 2025/12/31 12:0 a.m. | 7 views

PT-2025-54403

Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery. This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through 1.0.7...

CVSS 5.4 | AI score 6.9 | EPSS 0.00174
Exploits 0 | References 2

Positive Technologies
added 2025/12/31 12:0 a.m. | 4 views

PT-2025-54458

Name of the Vulnerable Software and Affected Versions: Cowrie versions prior to 2.9.0. Description: Cowrie versions before 2.9.0 have a server-side request forgery (SSRF) issue in the emulated shell implementations of wget and curl. The default configuration allows these commands to make real outbound...

CVSS 6.9 | AI score 7.5 | EPSS 0.00616
Exploits 1 | References 9

EUVD
added 2025/12/30 12:30 p.m. | 4 views

EUVD-2025-205730

Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side Request Forgery. This issue affects Youzify: from n/a through <= 1.3.5...

CVSS 4.9 | AI score 6.5 | EPSS 0.00141
Exploits 0 | References 2

OSV
added 2025/12/29 8:15 p.m. | 5 views

CVE-2024-25181

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file...

CVSS 9.1 | AI score 7.1
Exploits 0 | References 1

NVD
added 2025/12/29 4:15 p.m. | 10 views

CVE-2025-68893

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker wp-image-shrinker allows Server Side Request Forgery. This issue affects WordPress Image shrinker: from n/a through <= 1.1.0...

CVSS 4.9 | EPSS 0.00119
Exploits 0 | References 1

Cvelist
added 2025/12/29 3:56 p.m. | 27 views

CVE-2025-68893 WordPress WordPress Image shrinker plugin <= 1.1.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker wp-image-shrinker allows Server Side Request Forgery. This issue affects WordPress Image shrinker: from n/a through <= 1.1.0...

CVSS 4.9 | EPSS 0.00119
Exploits 0 | References 1

Positive Technologies
added 2025/12/29 12:0 a.m. | 5 views

PT-2025-53754

Name of the Vulnerable Software and Affected Versions: Hemmelig versions prior to 7.3.3. Description: A Server-Side Request Forgery (SSRF) filter bypass exists in the webhook URL validation of the Secret Requests feature in Hemmelig, a messaging app with client-side encryption and self-destructing...

CVSS 4.3 | AI score 6.4 | EPSS 0.0019
Exploits 1 | References 5

Positive Technologies
added 2025/12/29 12:0 a.m. | 6 views

PT-2025-53751

Name of the Vulnerable Software and Affected Versions: HETWORKS WordPress Image shrinker versions through 1.1.0. Description: The WordPress Image shrinker plugin contains a Server-Side Request Forgery (SSRF) flaw. This allows for Server Side Request Forgery. Recommendations: Update HETWORKS WordPress...

CVSS 4.9 | AI score 6.6 | EPSS 0.00119
Exploits 0 | References 3

Cvelist
added 2025/12/29 12:0 a.m. | 21 views

CVE-2024-25181

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file...

EPSS 0.0025
Exploits 0 | References 1

Cvelist
added 2025/12/26 3:2 a.m. | 27 views

CVE-2025-15098 YunaiV yudao-cloud Business Process Management BpmSyncHttpRequestTrigger server-side request forgery

A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing manipulation of the argument url/header/body can lead to server-side request forgery. The attack m...

CVSS 6.5 | EPSS 0.00267
Exploits 0 | References 5

Tenable Nessus
added 2025/12/26 12:0 a.m. | 9 views

Debian dla-4421 : python3-urllib3 - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4421 advisory. Debian LTS Advisory DLA-4421-1...

CVSS 8.9 | AI score 6.5 | EPSS 0.00622
Exploits 1 | References 6

Positive Technologies
added 2025/12/25 1:40 p.m. | 5 views

PT-2025-132: Server-side Request Forgery (SSRF) in OpenPDF

The vulnerability was identified in OpenPDF, versions 2.0.3. The discovered vulnerability allows an attacker to craft arbitrary HTTP requests that the vulnerable server will send to both external services and internal network endpoints. By exploiting this, the attacker can exfiltrate sensitive data...

CVSS 7.7 | AI score 5.9
Exploits 0

NVD
added 2025/12/24 1:16 p.m. | 5 views

CVE-2025-68600

Server-Side Request Forgery (SSRF) vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery. This issue affects Link Library: from n/a through <= 7.8.7...

CVSS 4.9 | EPSS 0.00119
Exploits 0 | References 1

NVD
added 2025/12/24 1:16 p.m. | 3 views

CVE-2025-68500

Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery. This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10...

CVSS 4.9 | EPSS 0.00154
Exploits 0 | References 1

Vulnrichment
added 2025/12/24 1:10 p.m. | 4 views

CVE-2025-67623 WordPress 6Storage Rentals plugin <= 2.22.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery. This issue affects 6Storage Rentals: from n/a through <= 2.22.0...

CVSS 5.4 | AI score 5.1 | EPSS 0.00163
Exploits 0 | References 1

Veracode
added 2025/12/24 9:39 a.m. | 5 views

Server-Side Request Forgery (SSRF)

@lobehub/chat is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation and restriction of user-supplied URLs in the tools.search.crawlPages tRPC endpoint, which allows an attacker with a valid token to supply arbitrary URLs and force the server to mak...

CVSS 3 | AI score 5.8 | EPSS 0.00294
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2025/12/24 12:0 a.m. | 5 views

Teradek VidiU Pro security vulnerability

Teradek VidiU Pro is a hardware live streaming encoder from Teradek USA. A security vulnerability exists in Teradek VidiU Pro version 3.0.3, which stems from the mishandling of the url and xmlurl parameters by the management interface, which could lead to a server-side request forgery attack...

CVSS 6.9 | AI score 6.7 | EPSS 0.00301
Exploits 2 | References 3

Github Security Blog
added 2025/12/23 6:17 p.m. | 8 views

Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service

Summary: The download service (downloadservice.py) makes HTTP requests using raw requests.get without utilizing the application's SSRF protection (saferequests.py). This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as...

CVSS 6.5 | AI score 6.7 | EPSS 0.00274
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2025/12/23 12:1 a.m. | 24 views

CVE-2025-67743 Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service

Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (downloadservice.py) makes HTTP requests using raw requests.get without utilizing the application's SSRF protection (saferequests.py). This can allow...

CVSS 6.3 | EPSS 0.00274
Exploits 1 | References 2