9246 matches found

NVD
added 2025/12/09 4:18 p.m. | 4 views

CVE-2025-63010

Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery. This issue affects Hercules Core: from n/a through = 7.4...

4.9 CVSS | 0.00145 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/09 12:0 a.m. | 5 views

PT-2025-50277

Name of the Vulnerable Software and Affected Versions: ZITADEL versions 4.7.0 and below. Description: ZITADEL is an open-source identity infrastructure tool susceptible to an unauthenticated, full-read Server-Side Request Forgery (SSRF) issue. The ZITADEL Login UI V2 incorrectly trusts the...

9.3 CVSS | 6.8 AI score | 0.00452 EPSS
Exploits: 2 | References: 9
Vulnrichment
added 2025/12/08 9:46 p.m. | 5 views

CVE-2025-12832 IBM InfoSphere Information Server Server-Side Request Forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4.6 CVSS | 6.4 AI score | 0.00169 EPSS
Exploits: 0 | References: 1
Veracode
added 2025/12/08 11:6 a.m. | 6 views

Server-Side Request Forgery (SSRF)

apache.nms.amqp is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server...

9.8 CVSS | 7 AI score | 0.02016 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
added 2025/12/08 10:15 a.m. | 10 views

Server-Side Request Forgery (SSRF)

@angular/ssr is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server to...

8.7 CVSS | 7 AI score | 0.00397 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2025/12/08 9:15 a.m. | 4 views

CVE-2025-26487

Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge...

8.6 CVSS | 0.00298 EPSS
Exploits: 0 | References: 1
OSV
added 2025/12/08 9:15 a.m. | 3 views

CVE-2025-26487

Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge...

8.6 CVSS | 5.8 AI score | 0.00298 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2025/12/08 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-59775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM...

7.5 CVSS | 5.4 AI score | 0.00771 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2025/12/08 12:0 a.m. | 8 views

Apache 2.4.x < 2.4.66 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.66. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially le...

8.3 CVSS | 7.8 AI score | 0.015 EPSS
Exploits: 0 | References: 7
EUVD
added 2025/12/06 12:31 a.m. | 4 views

EUVD-2025-201505

A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument healthurl results in server-side request forgery. The attack can be initiated remotely. The explo...

5.8 CVSS | 6.4 AI score | 0.00223 EPSS
Exploits: 0 | References: 6
NVD
added 2025/12/05 11:15 p.m. | 3 views

CVE-2025-14116

A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument healthurl results in server-side request forgery. The attack can be initiated remotely. The explo...

5.8 CVSS | 0.00223 EPSS
Exploits: 0 | References: 5
OSV
added 2025/12/05 11:15 p.m. | 3 views

CVE-2025-14116

A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument healthurl results in server-side request forgery. The attack can be initiated remotely. The explo...

5.1 CVSS | 5.1 AI score
Exploits: 0 | References: 5
EUVD
added 2025/12/05 12:30 p.m. | 8 views

EUVD-2025-201394

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes...

7.5 CVSS | 6.4 AI score | 0.00771 EPSS
Exploits: 0 | References: 3
OSV
added 2025/12/05 11:15 a.m. | 3 views

DEBIAN-CVE-2025-59775

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes...

7.5 CVSS | 5.5 AI score | 0.00771 EPSS
Exploits: 0 | References: 1
CVE
added 2025/12/05 10:17 a.m. | 704 views

CVE-2025-59775

CVE-2025-59775 : SSRF in Apache HTTP Server on Windows when AllowEncodedSlashes On and MergeSlashes Off can leak NTLM hashes to a malicious server. Affected: Apache HTTP Server (Windows). Root cause: SSRF via UNC/NTLM-related handling as described in multiple security bulletins. Remediation: upgr...

7.5 CVSS | 6.5 AI score | 0.00771 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/12/05 10:17 a.m. | 67 views

CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes...

0.00771 EPSS
Exploits: 0 | References: 1
Snyk
added 2025/12/04 10:3 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /api/v1/retrieval/process/web endpoint. An attacker can access internal network resources, cloud metadata endpoints, and sensitive information by submitting crafted...

8.5 CVSS | 6.6 AI score | 0.03965 EPSS
Exploits: 1 | References: 2
NVD
added 2025/12/04 8:16 p.m. | 6 views

CVE-2025-65958

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to...

8.5 CVSS | 0.03965 EPSS
Exploits: 1 | References: 2
CVE
added 2025/12/04 1:32 p.m. | 8 views

CVE-2025-14004

Dayrui XunRuiCMS is affected up to version 4.7.1. The vulnerability lies in the Email Setting Handler component, specifically the file /admind45f74adbd95.php?c=email&m=add, where manipulation enables server-side request forgery. Remote exploitation is possible and exploits have been released publ...

9.8 CVSS | 4.7 AI score | 0.00362 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2025/12/04 12:0 a.m. | 4 views

PT-2025-49178

Name of the Vulnerable Software and Affected Versions: kube-controller-manager (affected versions not specified). Description: An issue exists in kube-controller-manager when utilizing the in-tree Portworx StorageClass, allowing authorized users to potentially leak information from unprotected endpoin...

9.8 CVSS | 6.3 AI score | 0.0063 EPSS
Exploits: 3 | References: 221