9246 matches found

CVE
added 2025/12/16 12:14 p.m. | 9 views

CVE-2025-14443

CVE-2025-14443 describes a vulnerability in the OpenShift API server component (ose-openshift-apiserver) where processing user-supplied image references lacks IP address and network-range validation. This enables internal network enumeration, service discovery, limited information disclosure, and...

CVSS 6.4 | AI score 6 | EPSS 0.00306
Exploits 0 | References 3
RedhatCVE
added 2025/12/16 12:14 p.m. | 4 views

CVE-2025-14443

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial of service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...

CVSS 8.5 | AI score 5.8 | EPSS 0.00306
Exploits 0 | References 4
RedhatCVE
added 2025/12/16 12:25 a.m. | 4 views

CVE-2025-66844

In grav 1.7.49.5, an SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...

CVSS 9.1 | AI score 6.9 | EPSS 0.00247
Exploits 1 | References 1
Positive Technologies
added 2025/12/16 12:0 a.m. | 7 views

PT-2025-51774

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.2; Parse Server versions prior to 9.1.1-alpha.1.
Description: Parse Server, a backend deployable on Node.js infrastructure, contains a flaw in its Instagram authentication adapter. Prior to versions 8.6.2 and...

CVSS 8.3 | AI score 6.6 | EPSS 0.00291
Exploits 0 | References 9
OSV
added 2025/12/15 8:33 p.m. | 4 views

GO-2025-4154 new-api is vulnerable to SSRF Bypass in one-api

new-api is vulnerable to SSRF Bypass in one-api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the repor...

CVSS 8.5 | AI score 6.8 | EPSS 0.00259
Exploits 0 | References 3
Github Security Blog
added 2025/12/15 6:30 p.m. | 6 views

Grav may be vulnerable to SSRF attack via Twig Templates

In grav 1.7.49.5, an SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...

CVSS 9.1 | AI score 6.9 | EPSS 0.00247
Exploits 1 | References 3 | Affected Software 1
EUVD
added 2025/12/15 12:30 a.m. | 4 views

EUVD-2025-203310

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane's host network including link-local ...

CVSS 5.8 | AI score 6.2 | EPSS 0.00355
Exploits 0 | References 4
Redos
added 2025/12/15 12:0 a.m. | 9 views

ROS-20251215-7307

A vulnerability in the GNU Wget download manager is related to insufficient server-side request validation. Exploitation of the vulnerability could allow a remote attacker to perform an SSRF, phishing or man-in-the-middle attack...

CVSS 6.5 | AI score 6.9 | EPSS 0.0111
Exploits 0
Snyk
added 2025/12/14 9:39 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the kube-controller-manager when using the in-tree Portworx StorageClass. An attacker can access sensitive information from unprotected endpoints within the control plane's host network, including...

CVSS 6.9 | AI score 6.7 | EPSS 0.00355
Exploits 0 | References 2
Snyk
added 2025/12/14 9:39 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the kube-controller-manager when using the in-tree Portworx StorageClass. An attacker can access sensitive information from unprotected endpoints within the control plane's host network, including...

CVSS 6.9 | AI score 6.7 | EPSS 0.00355
Exploits 0 | References 2
Debian CVE
added 2025/12/14 9:27 p.m. | 5 views

CVE-2025-13281

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane's host network including link-local ...

CVSS 5.8 | AI score 7.8 | EPSS 0.00355
Exploits 0
EUVD
added 2025/12/13 6:30 p.m. | 4 views

EUVD-2025-203235

The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibotcallwebhookwitherror and emplibotprocesszipdata...

CVSS 4.4 | AI score 5.4 | EPSS 0.00158
Exploits 0 | References 3
NVD
added 2025/12/13 4:16 p.m. | 3 views

CVE-2025-11970

The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibotcallwebhookwitherror and emplibotprocesszipdata...

CVSS 4.4 | EPSS 0.00158
Exploits 0 | References 2
EUVD
added 2025/12/12 7:20 a.m. | 5 views

EUVD-2025-203050

The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'getservertimeajaxrequest' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

CVSS 3.5 | AI score 5.4 | EPSS 0.00201
Exploits 0 | References 4
Vulnrichment
added 2025/12/12 7:20 a.m. | 4 views

CVE-2025-10583 WP Fastest Cache Premium <= 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request Forgery

The WP Fastest Cache Premium plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'getservertimeajaxrequest' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web reques...

CVSS 3.5 | AI score 5.8 | EPSS 0.00201
Exploits 0 | References 4
Positive Technologies
added 2025/12/12 12:0 a.m. | 4 views

PT-2025-50897

The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get server time ajax request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests t...

CVSS 3.5 | AI score 5.8 | EPSS 0.00201
Exploits 0 | References 4
RedhatCVE
added 2025/12/11 5:3 a.m. | 8 views

CVE-2025-65512

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

CVSS 7.5 | AI score 6.9 | EPSS 0.00442
Exploits 1 | References 1
Tenable Nessus
added 2025/12/11 12:0 a.m. | 2 views

GeoServer < 2.25.6 / 2.26.x < 2.26.2 XML External Entity

GeoServer versions prior to 2.25.6, 2.26.x < 2.26.2 are affected by an XML External Entity (XXE) vulnerability. An attacker could exploit this vulnerability by sending a specially crafted XML request to the GeoServer instance, which could lead to unauthorized access to sensitive data, server-side...

CVSS 9.8 | AI score 6.8 | EPSS 0.66753
Exploits 4 | References 3
NVD
added 2025/12/09 10:16 p.m. | 7 views

CVE-2025-67494

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...

CVSS 9.3 | EPSS 0.00452
Exploits 2 | References 2
OSV
added 2025/12/09 10:16 p.m. | 3 views

CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

CVSS 7.5 | AI score 5.8 | EPSS 0.00381
Exploits 1 | References 2