Lucene search: 9247 matches found

AlmaLinux (added 2025/11/12 12:00 a.m.)

Important: python-kdcproxy security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 8.6 | AI score 7 | EPSS 0.00453 | Exploits 0 | References 6
NVD (added 2025/11/11 2:15 p.m.)

CVE-2025-11696

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...

CVSS 8.9 | EPSS 0.00153 | Exploits 0 | References 1
Veracode (added 2025/11/10 9:14 a.m.)

Server-Side Request Forgery (SSRF)

cors-anywhere is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to instances being configured as open proxies that forward attacker-controlled target URLs, methods, and headers without restriction, which allows an attacker to induce requests to internal-only endpoints...

CVSS 9.5 | AI score 7 | EPSS 0.01005 | Exploits 0 | References 7 | Affected software 1
Cvelist (added 2025/11/07 5:55 p.m.)

CVE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File...

CVSS 7.5 | EPSS 0.00576 | Exploits 0 | References 5
Vulnrichment (added 2025/11/07 2:58 a.m.)

CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use (TOCTOU)...

CVSS 10 | AI score 6.3 | EPSS 0.00293 | Exploits 0 | References 1
EUVD (added 2025/11/06 9:07 p.m.)

EUVD-2025-38186

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery (SSRF) vulnerability in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVSS 5.3 | AI score 6.2 | EPSS 0.00295 | Exploits 1 | References 3
NVD (added 2025/11/06 7:15 p.m.)

CVE-2025-63551

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

CVSS 7.5 | EPSS 0.00421 | Exploits 1 | References 2
IBM Security Bulletins (added 2025/11/06 7:11 a.m.)

Security Bulletin: Due to use of QOS.CH logback, IBM Cloud Pak System is affected by server-side request forgery and arbitrary code execution

Summary: Due to use of QOS.CH logback, IBM Cloud Pak System is affected by server-side request forgery and arbitrary code execution (CVE-2024-12801, CVE-2024-12798). Vulnerability Details: CVEID: CVE-2024-12801. DESCRIPTION: Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version...

CVSS 5.9 | AI score 8.1 | EPSS 0.00404 | Exploits 0 | Affected software 3
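The MetInfo and logback entries above reach SSRF through the same XML mechanism: a DOCTYPE declares an external entity whose SYSTEM identifier is a URL, and a parser that resolves external general entities fetches that URL from the server's own network position. The following added example, not code from either project or advisory, shows the mechanism with Python's xml.sax parser. The document, the internal URL and the RecordingResolver are constructed for the demonstration: the resolver captures every fetch the parser attempts and returns an empty stream instead of opening it, so nothing goes on the wire, and the hardened parse leaves external general entity resolution disabled.

```python
import io
import xml.sax
from xml.sax import handler, xmlreader

# Constructed sample (not from any advisory): the DTD declares an external general
# entity whose SYSTEM id is an internal URL; the &xxe; reference in content asks
# the parser to fetch it.
MALICIOUS_XML = b"""<?xml version="1.0"?>
<!DOCTYPE doc [
  <!ENTITY xxe SYSTEM "http://127.0.0.1:8080/admin/status">
]>
<doc><name>&xxe;</name></doc>
"""


class RecordingResolver(handler.EntityResolver):
    """Captures every external entity the parser tries to load.  Instead of
    opening the URL it hands back an empty byte stream, so the demo reveals the
    outbound request a real deployment would make without making one."""

    def __init__(self):
        self.requested = []

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        source = xmlreader.InputSource(systemId)
        source.setByteStream(io.BytesIO(b""))   # never touches the network
        return source


def external_fetches(xml_bytes, resolve_external_entities):
    """Parse xml_bytes and return the URLs the parser attempted to fetch for
    external general entities under the given resolution policy."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    resolver = RecordingResolver()
    parser.setEntityResolver(resolver)
    parser.parse(io.BytesIO(xml_bytes))
    return resolver.requested


def parse_vulnerable(xml_bytes):
    """Parser configured the way an XXE-prone application is: external general
    entities are resolved, so the attacker-chosen URL gets requested."""
    return external_fetches(xml_bytes, True)


def parse_hardened(xml_bytes):
    """External general entity resolution switched off (the default in current
    Python): the entity reference is skipped and no request is issued."""
    return external_fetches(xml_bytes, False)


if __name__ == "__main__":
    print("vulnerable parser fetched:", parse_vulnerable(MALICIOUS_XML))
    print("hardened parser fetched:  ", parse_hardened(MALICIOUS_XML))
```

The switch differs per parser (lxml's resolve_entities, JAXP's disallow-doctype-decl feature, and so on) but the rule is the same: a parser that handles untrusted XML must not resolve external entities or load external DTDs, and the audit question for a SaxEventRecorder-style component is simply which of those features it leaves enabled.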
NVD (added 2025/11/06 6:15 a.m.)

CVE-2025-12560

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we...

CVSS 4.3 | EPSS 0.00177 | Exploits 0 | References 2
Vulnrichment (added 2025/11/06 12:00 a.m.)

CVE-2025-60541

A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

AI score 6.4 | EPSS 0.00208 | Exploits 1 | References 2
EUVD (added 2025/11/05 11:52 p.m.)

EUVD-2025-37958

DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...

CVSS 9.3 | AI score 6.2 | EPSS 0.00964 | Exploits 1 | References 3
RedhatCVE (added 2025/11/05 10:04 p.m.)

CVE-2025-62719

LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...

CVSS 4.3 | AI score 6.6 | EPSS 0.00278 | Exploits 1 | References 1
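Three of the entries above fail the same control in three different ways: DataEase blocklisted ldap:// and ldaps:// but not dns://, LinkAce never checks whether the destination is an internal or private address, and Manager-io validates the DNS answer and then lets the HTTP client resolve the name a second time (the TOCTOU). The following added example, not code from any of those projects, shows the three checks that close those gaps in Python: a scheme allowlist, a public-address check that also unwraps IPv4-mapped IPv6 literals, and DNS pinning. The ScriptedResolver, the hostnames and the addresses are constructed for the demonstration; check_then_connect reproduces the vulnerable check-then-resolve-again flow and resolve_and_pin the hardened one.

```python
"""Outbound-URL validation against SSRF: scheme allowlist, rejection of
non-public destinations, and DNS pinning so that the address that was checked
is the address that gets connected to.  Added example; the scripted resolver
answers below are constructed, not taken from any advisory."""
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Allowlist. A blocklist misses whatever it did not think of (dns://, gopher://, file://, ...).
ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses.  IPv4-mapped IPv6
    literals are unwrapped first so ::ffff:127.0.0.1 is treated as loopback."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


class ScriptedResolver:
    """Constructed stand-in for an attacker-controlled DNS zone: each lookup
    returns the next scripted answer set (the last one repeats).  That is how a
    rebinding attack hands the validator a public address and the HTTP client
    an internal one.  IP literals resolve to themselves."""

    def __init__(self, answers):
        self._answers = [list(a) for a in answers]
        self.lookups = 0

    def resolve(self, host):
        try:
            return [str(ipaddress.ip_address(host))]
        except ValueError:
            pass
        answer = self._answers[min(self.lookups, len(self._answers) - 1)]
        self.lookups += 1
        return answer


def _parse(url):
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError(f"scheme {parts.scheme!r} not allowed or host missing")
    return parts


def check_then_connect(url, resolver):
    """Vulnerable pattern (the TOCTOU the Manager-io entry describes): validate
    one lookup, then let the HTTP client resolve the hostname again.  Returns
    the address the client would actually connect to."""
    parts = _parse(url)
    for addr in resolver.resolve(parts.hostname):          # time of check
        if not is_public_address(addr):
            raise ValueError(f"{parts.hostname} resolves to non-public {addr}")
    return resolver.resolve(parts.hostname)[0]              # time of use: fresh lookup


def resolve_and_pin(url, resolver):
    """Hardened pattern: resolve once, reject if any answer is non-public, and
    return a URL that connects to the vetted IP plus the Host header to send,
    so no later lookup can change the destination."""
    parts = _parse(url)
    answers = resolver.resolve(parts.hostname)
    if not answers:
        raise ValueError(f"{parts.hostname} did not resolve")
    for addr in answers:                                    # every record, not just the first
        if not is_public_address(addr):
            raise ValueError(f"{parts.hostname} resolves to non-public {addr}")
    ip = answers[0]
    port = parts.port or (443 if parts.scheme == "https" else 80)
    netloc = f"[{ip}]:{port}" if ":" in ip else f"{ip}:{port}"
    pinned = urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))
    return pinned, {"Host": parts.hostname}


def rejection_reason(url, resolver):
    """Return the validator's error message for url, or None if it is allowed."""
    try:
        resolve_and_pin(url, resolver)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    rebinding = ScriptedResolver([["93.184.216.34"], ["127.0.0.1"]])
    print("check-then-connect reaches:", check_then_connect("http://evil.example/api", rebinding))
    rebinding = ScriptedResolver([["93.184.216.34"], ["127.0.0.1"]])
    print("pinned request:", resolve_and_pin("http://evil.example/api", rebinding))
    public_only = ScriptedResolver([["93.184.216.34"]])
    for bad in ("dns://internal.example/", "ldap://internal.example/",
                "http://169.254.169.254/latest/meta-data/", "http://[::ffff:127.0.0.1]/"):
        print(bad, "->", rejection_reason(bad, public_only))
```

With a real client the pinned URL is opened with the returned Host header and redirects disabled, each redirect location being put through the same validation before it is followed; for https the TLS layer must still verify the certificate against the original hostname, not the IP. In production the resolver is socket.getaddrinfo, and every address it returns must pass the check, since a client is free to pick any of them.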
GithubExploit (added 2025/11/05 1:12 p.m.)

Exploit for Server-Side Request Forgery in Jetbrains Teamcity

TeamCity IntelliJ IDEA Plugin credential interception CVE-20...

CVSS 7.5 | AI score 7 | EPSS 0.0134 | Exploits 1
Cvelist (added 2025/11/05 6:35 a.m.)

CVE-2025-12388 B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery

The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wp_remote_request function. This makes it...

CVSS 6.4 | EPSS 0.00192 | Exploits 0 | References 3
NVD (added 2025/11/04 10:16 p.m.)

CVE-2025-62719

LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...

CVSS 4.3 | EPSS 0.00278 | Exploits 1 | References 3
Cvelist (added 2025/11/04 9:57 p.m.)

CVE-2025-62719 LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality

LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...

CVSS 2.3 | EPSS 0.00278 | Exploits 1 | References 3
OSV (added 2025/10/30 10:15 p.m.)

CVE-2020-36862

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF),...

CVSS 6.1 | AI score 5.8 | EPSS 0.00573 | Exploits 0 | References 2
Veracode (added 2025/10/30 9:08 a.m.)

Server-Side Request Forgery (SSRF)

Ghost is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs, which allows an attacker to send crafted requests to internal resources and potentially access sensitive information...

CVSS 6.5 | AI score 7 | EPSS 0.00483 | Exploits 1 | References 7 | Affected software 1
Cvelist (added 2025/10/29 8:48 a.m.)

CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

CVSS 5.9 | EPSS 0.00239 | Exploits 0 | References 2
Positive Technologies (added 2025/10/29 12:00 a.m.)

PT-2025-44268

Name of the Vulnerable Software and Affected Versions: Keras (affected versions not specified). Description: The Keras Model.load_model method is susceptible to arbitrary local file loading and Server-Side Request Forgery (SSRF), even when safe_mode=True is enabled. This issue arises from the handling o...

CVSS 5.9 | AI score 7.5 | EPSS 0.00239 | Exploits 0 | References 25