9247 matches found

Positive Technologies, added 2025/11/18 12:0 a.m.

PT-2025-47317

Name of the Vulnerable Software and Affected Versions: Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress, versions up to and including 1.2.1. Description: The software is susceptible to a Server-Side Request Forgery (SSRF) issue. Authenticated attackers with Subscriber-leve...

CVSS 6.4 · AI score 6.2 · EPSS 0.00162 · Exploits: 0 · References: 4
CNNVD, added 2025/11/18 12:0 a.m.

WordPress plugin Icon List Block code issue vulnerability

The WordPress Icon List Block plugin inserts custom icon lists in the Gutenberg block editor. The plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function failing to implement an adequate...

CVSS 6.4 · AI score 6.4 · EPSS 0.00162 · Exploits: 0 · References: 3
EUVD, added 2025/11/17 6:30 p.m.

EUVD-2025-197810

PDFPatcher through 1.1.3.4663: the executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...

CVSS 7.1 · AI score 6.6 · EPSS 0.00338 · Exploits: 1 · References: 4
RedhatCVE, added 2025/11/14 4:5 p.m.

CVE-2025-64525

Astro is a web framework. In Astro versions 2.16.0 up to but excluding 5.15.5 which utilize on-demand rendering, the request headers x-forwarded-proto and x-forwarded-port are used insecurely, without sanitization, to build the URL. This has several consequences, the most important of which are:...

CVSS 6.5 · AI score 6.9 · EPSS 0.01088 · Exploits: 1 · References: 1
OSV, added 2025/11/14 2:38 p.m.

BIT-ELK-2025-37734 Kibana Origin Validation Error

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...

CVSS 4.3 · AI score 6.8 · EPSS 0.00197 · Exploits: 0 · References: 2
Atlassian, added 2025/11/14 6:28 a.m.

SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-22259

This High severity vulnerability known as CVE-2024-22259 was introduced in 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.7.0, 8.7.1, 8.7.2, 8.7.3, 8.7.4, 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.8.5, 8.9.0...

CVSS 8.1 · AI score 6.8 · EPSS 0.02573 · Exploits: 1
Atlassian, added 2025/11/14 6:28 a.m.

SSRF (Server-Side Request Forgery) Third-Party Dependency in Confluence Data Center and Server - CVE-2023-42282

This is a critical vulnerability in a non-Atlassian Confluence dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This Critical...

CVSS 9.8 · AI score 7 · EPSS 0.01613 · Exploits: 1
RedhatCVE, added 2025/11/14 12:1 a.m.

CVE-2025-52186

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

CVSS 6.5 · AI score 7.1 · EPSS 0.0028 · Exploits: 1 · References: 1
CNVD, added 2025/11/14 12:0 a.m.

Rockwell Automation Studio 5000 Simulation Interface Server-Side Request Forgery Vulnerability

Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...

CVSS 8.9 · AI score 5.9 · EPSS 0.00153 · Exploits: 0 · References: 1
Github Security Blog, added 2025/11/13 10:46 p.m.

Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass

Summary: In impacted versions of Astro using on-demand rendering, the request headers x-forwarded-proto and x-forwarded-port are used insecurely, without sanitization, to build the URL. This has several consequences, the most important of which are: - Middleware-based protected route bypass only via...

CVSS 6.5 · AI score 6.3 · EPSS 0.01088 · Exploits: 2 · References: 6 · Affected Software: 1
NVD, added 2025/11/13 8:15 p.m.

CVE-2025-64709

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVSS 9.9 · EPSS 0.00328 · Exploits: 1 · References: 1
CVE, added 2025/11/13 7:42 p.m.

CVE-2025-64709

Typebot (open-source chatbot builder) contains an SSRF flaw in the webhook block’s HTTP Request component affecting versions before 3.13.1. The issue lets authenticated users cause server-side HTTP requests, bypass IMDSv2 via custom header injection, and extract temporary AWS IAM credentials for ...

CVSS 9.9 · AI score 6.4 · EPSS 0.00328 · Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment, added 2025/11/13 7:42 p.m.

CVE-2025-64709 Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVSS 9.6 · AI score 6.4 · EPSS 0.00328 · Exploits: 1 · References: 1
OSV, added 2025/11/13 4:15 p.m.

CVE-2025-52186

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

CVSS 6.5 · AI score 5.9 · EPSS 0.0028 · Exploits: 1 · References: 2
Tenable Nessus, added 2025/11/13 12:0 a.m.

Siemens SIMATIC S7-1500 Server-Side Request Forgery (SSRF) (CVE-2022-27780)

The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/, would be allowed by the parser and get...

CVSS 7.5 · AI score 6.7 · EPSS 0.02187 · Exploits: 1 · References: 4
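The Typebot entries (webhook SSRF reaching the instance metadata service, with custom header injection to satisfy IMDSv2), the Lichess entry (an unvalidated players parameter handed to an internal HTTP client) and the curl entry above (percent-encoded separators accepted inside the host) all come down to the same missing step: vet the destination and the headers before the server-side fetch. The block below is an added example written for this page, not code from any of those projects or from curl's fix. The FAKE_DNS table stands in for a real resolver so the example runs offline, and the header allowlist, the address table and every function name are assumptions made for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed name -> address table standing in for DNS so the example runs offline.
# A real deployment would call socket.getaddrinfo here instead.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "intranet.corp.test": ["10.0.0.5"],
    "v6-imds.test": ["fd00:ec2::254"],
    "mapped.test": ["::ffff:169.254.169.254"],
}

# Assumed policy: caller-supplied headers outside this allowlist are refused, so
# user input can never reach a metadata endpoint as a token or flavor header.
ALLOWED_HEADERS = {"accept", "content-type", "user-agent"}


def resolve(host, table=FAKE_DNS):
    """Return the addresses a host maps to; an IP literal maps to itself."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return table.get(host, [])


def address_is_public(addr):
    """True only for globally routable unicast addresses.

    IPv4-mapped IPv6 (::ffff:a.b.c.d) is unmapped first; otherwise a mapped
    link-local address would be judged by its IPv6 wrapper, not its payload.
    """
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def check_outbound_request(url, headers=None, resolver=resolve):
    """Decide whether a server-side fetch of url is allowed; returns (allowed, reason).

    1. only http/https;
    2. no userinfo and no percent-encoded bytes in the authority, so
       http://example.com%2F127.0.0.1/ is refused outright rather than being
       re-interpreted by a decoding parser (the curl CVE-2022-27780 pattern);
    3. every address the host resolves to is globally routable, which blocks
       169.254.169.254, fd00:ec2::254, RFC 1918, loopback and 0.0.0.0;
    4. only allowlisted request headers.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if "%" in parts.netloc:
        return False, "percent-encoded bytes in authority"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in authority"
    host = parts.hostname
    if not host:
        return False, "missing host"
    addrs = resolver(host)
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        if not address_is_public(addr):
            return False, f"{host} resolves to non-public address {addr}"
    for name in (headers or {}):
        if name.lower() not in ALLOWED_HEADERS:
            return False, f"header not allowed: {name}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://example.com/export",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://example.com%2F127.0.0.1/",
                      "http://mapped.test/"):
        print(candidate, check_outbound_request(candidate))
```

Two caveats a practitioner should keep in mind: the check resolves the name once, but the HTTP client resolves it again when it connects, so a rebinding-capable attacker can pass the check and still reach an internal address unless the client is made to connect to the vetted IP (keeping the original Host header) or the same check is run inside the client's connect hook; and redirects must be re-checked per hop rather than followed blindly.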
Positive Technologies, added 2025/11/13 12:0 a.m.

PT-2025-46860

Name of the Vulnerable Software and Affected Versions: Astro versions 2.16.0 through 5.15.4. Description: Astro, a web framework, contains a flaw in its on-demand rendering feature where the x-forwarded-proto and x-forwarded-port request headers are used without proper sanitization when constructing...

CVSS 6.5 · AI score 5.6 · EPSS 0.01088 · Exploits: 1 · References: 11
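The Astro entries above describe x-forwarded-proto and x-forwarded-port being interpolated into the request URL straight from the client. Below is an added example, not Astro's code or its fix, contrasting that pattern with the usual hardening: forwarded headers are honored only when the TCP peer is a trusted reverse proxy, and only when the values are well-formed; otherwise the scheme and port seen on the socket are used. TRUSTED_PROXIES, the lowercase-keyed header dict and the function names are assumptions made for the example.

```python
import ipaddress

# Assumed: the only hosts allowed to set X-Forwarded-* are the reverse proxies in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def naive_url(headers, host, path):
    """The vulnerable pattern: trust forwarded headers from any client, verbatim.

    headers is a dict with lowercase keys (assumed convention for the example).
    """
    proto = headers.get("x-forwarded-proto", "http")
    port = headers.get("x-forwarded-port", "80")
    return f"{proto}://{host}:{port}{path}"


def forwarded_url(headers, host, path, remote_addr,
                  socket_scheme="http", socket_port=80, trusted=TRUSTED_PROXIES):
    """Hardened builder: forwarded values are used only from a trusted proxy and
    only when they parse as a known scheme and a valid port; anything else falls
    back to what the socket itself says."""
    scheme, port = socket_scheme, socket_port
    peer = ipaddress.ip_address(remote_addr)
    if any(peer in net for net in trusted):
        # Proxies may append values, so take the first element of a comma list.
        proto = headers.get("x-forwarded-proto", "").split(",")[0].strip().lower()
        if proto in ("http", "https"):
            scheme = proto
        raw_port = headers.get("x-forwarded-port", "").split(",")[0].strip()
        if raw_port.isdigit() and 1 <= int(raw_port) <= 65535:
            port = int(raw_port)
    default = 443 if scheme == "https" else 80
    authority = host if port == default else f"{host}:{port}"
    return f"{scheme}://{authority}{path}"


if __name__ == "__main__":
    hostile = {"x-forwarded-proto": "https://attacker.test/?", "x-forwarded-port": "443"}
    print("naive:   ", naive_url(hostile, "app.example", "/admin"))
    print("hardened:", forwarded_url(hostile, "app.example", "/admin", "203.0.113.7"))
```

The host itself should come from a configured canonical host or an allowlist rather than from the Host header, for the same reason; the example keeps host as a parameter so that part of the policy is visible at the call site.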
ATTACKERKB, added 2025/11/12 4:40 p.m.

CVE-2025-59089

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

CVSS 5.9 · AI score 6.1 · EPSS 0.00453 · Exploits: 0 · References: 18
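The kdcproxy entry above turns on a response length that the remote KDC controls and the proxy never bounds. The block below is an added example, not kdcproxy's code, showing a bounded read of the KDC-over-TCP framing (RFC 4120 section 7.2.2: a 4-byte big-endian length whose high bit must be zero, followed by the message). The cap is enforced before any body byte is buffered, and a peer that closes early is reported instead of returning a short message. MAX_KDC_REPLY, FakeSocket and the function names are constructed for the example.

```python
import struct

# Assumed cap; real KDC replies are a few kilobytes, so a 64 KiB ceiling is generous.
MAX_KDC_REPLY = 64 * 1024


class FakeSocket:
    """Constructed stand-in for a connected TCP socket that serves a fixed byte
    string in small chunks, so partial reads are exercised without a network."""

    def __init__(self, data, chunk=7):
        self.data, self.chunk, self.pos = data, chunk, 0

    def recv(self, n):
        out = self.data[self.pos:self.pos + min(n, self.chunk)]
        self.pos += len(out)
        return out  # b"" once exhausted, like a closed socket


def recv_exact(sock, n):
    """Read exactly n bytes or raise; never trusts a single recv to be complete."""
    buf = bytearray()
    while len(buf) < n:
        piece = sock.recv(n - len(buf))
        if not piece:
            raise ConnectionError(f"peer closed before {n} bytes arrived")
        buf += piece
    return bytes(buf)


def length_prefix(n):
    return struct.pack("!I", n)


def frame(body):
    """Wrap a KDC message in the RFC 4120 TCP length prefix."""
    return length_prefix(len(body)) + body


def read_kdc_reply(sock, max_len=MAX_KDC_REPLY):
    """Read one length-prefixed KDC TCP message, bounding the length before reading
    the body so a hostile KDC cannot make the proxy buffer an arbitrary amount."""
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    if length & 0x80000000:
        raise ValueError("high bit set in length field (reserved by RFC 4120)")
    if length == 0 or length > max_len:
        raise ValueError(f"KDC reply length {length} outside (0, {max_len}]")
    return recv_exact(sock, length)


if __name__ == "__main__":
    print(read_kdc_reply(FakeSocket(frame(b"AS-REP bytes"))))
    try:
        read_kdc_reply(FakeSocket(length_prefix(0x7FFFFFFF) + b"x"))
    except ValueError as err:
        print("rejected:", err)
```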
Cvelist, added 2025/11/12 9:57 a.m.

CVE-2025-37734 Kibana Origin Validation Error

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...

CVSS 4.3 · EPSS 0.00197 · Exploits: 0 · References: 1
Tenable Nessus, added 2025/11/12 12:0 a.m.

RHEL 9 : python-kdcproxy (RHSA-2025:21139)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21139 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 8.6 · AI score 5.7 · EPSS 0.00453 · Exploits: 0 · References: 6
OSV, added 2025/11/12 12:0 a.m.

ALSA-2025:21140 Important: idm:DL1 security update

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: python-kdcproxy: Unauthenticated SSRF via Realm-Controlled DNS SRV (CVE-2025-59088); python-kdcproxy: Remot...

CVSS 8.6 · AI score 6.5 · EPSS 0.00453 · Exploits: 0 · References: 6