9247 matches found

Positive Technologies
added 2025/12/04 12:00 a.m.

PT-2025-49178

Name of the Vulnerable Software and Affected Versions: kube-controller-manager (affected versions not specified). Description: An issue exists in kube-controller-manager when utilizing the in-tree Portworx StorageClass, allowing authorized users to potentially leak information from unprotected endpoin...

CVSS 9.8 | AI score 6.3 | EPSS 0.0063
Exploits: 3 | References: 221
CVE
added 2025/12/03 5:00 p.m.

CVE-2025-20388

CVE-2025-20388 affects Splunk Enterprise and Splunk Cloud Platform. A user with a role that has the high-privilege capability change_authentication could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment. Affected v...

CVSS 2.7 | AI score 6.3 | EPSS 0.00315
Exploits: 0 | References: 1 | Affected Software: 2
EUVD
added 2025/12/02 9:51 a.m.

EUVD-2025-200216

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...

CVSS 2.1 | AI score 6.5 | EPSS 0.00257
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/02 12:19 a.m.

CVE-2025-65836

PublicCMS V5.202506.b is vulnerable to SSRF in the chat interface of SimpleAiAdminController...

CVSS 9.1 | AI score 6.9 | EPSS 0.00288
Exploits: 1 | References: 1
Vulnrichment
added 2025/12/01 10:25 p.m.

CVE-2025-66405 Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch...

CVSS 6.9 | AI score 6.3 | EPSS 0.00323
Exploits: 0 | References: 3
Cvelist
added 2025/12/01 12:00 a.m.

CVE-2025-65836

PublicCMS V5.202506.b is vulnerable to SSRF in the chat interface of SimpleAiAdminController...

EPSS 0.00288
Exploits: 1 | References: 3
Positive Technologies
added 2025/12/01 12:00 a.m.

PT-2025-48576

Name of the Vulnerable Software and Affected Versions: Portkey.ai Gateway versions prior to 1.14.0. Description: The Portkey.ai Gateway, a fast AI Gateway with integrated guardrails, is susceptible to Server-Side Request Forgery (SSRF) attacks in versions before 1.14.0. The gateway determines the...

CVSS 9.8 | AI score 6.5 | EPSS 0.00323
Exploits: 0 | References: 11
IBM Security Bulletins
added 2025/11/28 11:53 a.m.

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Open Redirect / Server-Side Request Forgery (SSRF) bypass due to Python

Summary: Python is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime-manager. Vulnerability Details: CVEID: CVE-2025-50182. DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control...

CVSS 6.1 | AI score 6.3 | EPSS 0.00313
Exploits: 0 | Affected Software: 1
CVE
added 2025/11/27 9:27 a.m.

CVE-2025-13378

CVE-2025-13378 affects the WordPress plugin AI ChatBot with ChatGPT and Content Generator by AYS. Versions

CVSS 6.5 | AI score 5.5 | EPSS 0.00249
Exploits: 0 | References: 5
Snyk
added 2025/11/25 12:04 a.m.

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the bypass method. An attacker can access internal network resources by leveraging a 302 redirect to bypass existing security restrictions. PoC (python): from flask import Flask, redirect app = Flasknam...

CVSS 8.5 | AI score 6.6 | EPSS 0.00259
Exploits: 0 | References: 2
CVE
added 2025/11/24 11:56 p.m.

CVE-2025-62155

The CVE-2025-62155 entry concerns QuantumNous/new-api. An SSRF vulnerability existed prior to version 0.9.6 where the fix only protected the first URL request; an attacker could bypass it via a 302 redirect and reach internal/intranet resources. The issue has been addressed in version 0.9.6, accordin...

CVSS 8.5 | AI score 6.5 | EPSS 0.00259
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/23 12:00 a.m.

PT-2025-47865

Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin – Shortcodes Ultimate versions prior to 7.4.6. Description: The Shortcodes Ultimate plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF). This allows authenticated attackers with Administrator-level access...

CVSS 6.4 | AI score 6.1 | EPSS 0.00162
Exploits: 0 | References: 6
RedhatCVE
added 2025/11/21 7:37 p.m.

CVE-2025-63408

Local Agent DVR versions through 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side request forgery (SSRF), or execute OS commands...

CVSS 7.8 | AI score 7.1 | EPSS 0.00346
Exploits: 1 | References: 1
RedhatCVE
added 2025/11/20 9:37 p.m.

CVE-2025-12359

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'getimagesizebyurl' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...

CVSS 5.4 | AI score 5.7 | EPSS 0.00208
Exploits: 0 | References: 1
Tenable Nessus
added 2025/11/20 12:00 a.m.

TencentOS Server 3: httpd:2.4 (TSSA-2024:0763)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0763 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 9.8 | AI score 7.4 | EPSS 0.41611
Exploits: 0 | References: 2
Cvelist
added 2025/11/19 8:45 p.m.

CVE-2025-13147 External Service Interaction (DNS)

Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer. This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4...

CVSS 5.3 | EPSS 0.00233
Exploits: 0 | References: 3
RedhatCVE
added 2025/11/19 2:10 p.m.

CVE-2025-12376

The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fsapirequest function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 6.4 | AI score 5.8 | EPSS 0.00162
Exploits: 0 | References: 1
RedHat Linux
added 2025/11/19 8:16 a.m.

python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

CVSS 8.6 | AI score 5.9 | EPSS 0.00397
Exploits: 0 | References: 5
Cvelist
added 2025/11/18 1:54 p.m.

CVE-2025-12376 Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery

The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fsapirequest function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 6.4 | EPSS 0.00162
Exploits: 0 | References: 2
Cvelist
added 2025/11/18 12:00 a.m.

CVE-2025-63408

Local Agent DVR versions through 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side request forgery (SSRF), or execute OS commands...

EPSS 0.00346
Exploits: 1 | References: 2