Lucene search

9247 matches found

Positive Technologies
added 2025/10/29 12:0 a.m., 4 views

PT-2025-44312

Name of the Vulnerable Software and Affected Versions: Halo CMS version 2.21. Description: An unauthenticated server-side request forgery (SSRF) exists in the Thumbnail via-uri endpoint. This allows a remote attacker to make the server send HTTP requests to URLs controlled by the attacker, potentially...

CVSS 5.8 | AI score 6.9 | EPSS 0.00275
Exploits: 0 | References: 7

Vulnrichment
added 2025/10/28 7:54 p.m., 2 views

CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery (SSRF) and...

CVSS 7.2 | AI score 5.6 | EPSS 0.0032
Exploits: 1 | References: 3

EUVD
added 2025/10/28 3:30 p.m., 3 views

EUVD-2025-36533

IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4 | AI score 6.2 | EPSS 0.0016
Exploits: 0 | References: 2

CVE
added 2025/10/28 2:58 p.m., 10 views

CVE-2025-36085

IBM Concert Software (versions 1.0.0–2.0.0) is affected by a server-side request forgery (SSRF) vulnerability. The issue arises from insufficient authentication to validate request origins, enabling an authenticated attacker to issue unauthorized requests from the affected system, potentially ena...

CVSS 5.4 | AI score 6.3 | EPSS 0.0016
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/10/27 3:30 a.m., 4 views

EUVD-2025-35957

Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery. This issue affects Slider Templates: from n/a through <= 1.0.3...

CVSS 4.9 | AI score 6.5 | EPSS 0.00142
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/24 9:35 p.m., 10 views

CVE-2025-59503

Server-side request forgery (SSRF) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network...

CVSS 10 | AI score 6.9 | EPSS 0.007
Exploits: 0 | References: 1

Patchstack
added 2025/10/24 4:47 p.m., 5 views

WordPress Slider Templates plugin <= 1.0.3 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Slider Templates versions <= 1.0.3...

CVSS 4.9 | AI score 7 | EPSS 0.00142
Exploits: 0 | Affected Software: 1

NVD
added 2025/10/24 10:15 a.m., 5 views

CVE-2025-5350

SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery (SSRF). Additionally, the...

CVSS 5.9 | EPSS 0.00583
Exploits: 0 | References: 1

CNVD
added 2025/10/24 12:0 a.m., 3 views

WordPress Plugin Captcha.eu Server-Side Request Forgery Attack Vulnerability

WordPress Plugin Captcha.eu is a CAPTCHA plugin for the WordPress platform, which is mainly used to prevent bots from attacking and is also compliant with GDPR (General Data Protection Regulation). WordPress Plugin Captcha.eu suffers from a server-side request forgery attack vulnerability that stem...

CVSS 5.3 | AI score 7.1 | EPSS 0.00195
Exploits: 0 | References: 1

NVD
added 2025/10/23 10:15 p.m., 4 views

CVE-2025-59503

Server-side request forgery (SSRF) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network...

CVSS 10 | EPSS 0.007
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 3:14 p.m., 4 views

CVE-2025-49917

Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery. This issue affects Icegram Express Pro: from n/a through <= 5.9.5...

CVSS 4.4 | AI score 7 | EPSS 0.00187
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 3:14 p.m., 4 views

CVE-2025-49374

Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery. This issue affects Captcha.eu: from n/a through <= 1.0.61...

CVSS 5.4 | AI score 7 | EPSS 0.00195
Exploits: 0 | References: 1

CVE
added 2025/10/23 12:32 p.m., 16 views

CVE-2025-11128

CVE-2025-11128 (Feedzy RSS Feeds Lite) is an SSRF vulnerability in the RSS Aggregator by Feedzy plugin for WordPress. The flaw affects all versions up to 5.1.0 and is exploitable by authenticated attackers with Subscriber+ privileges via the feedzy_sanitize_feeds function, enabling web requests f...

CVSS 5 | AI score 5.4 | EPSS 0.00267
Exploits: 0 | References: 6

Positive Technologies
added 2025/10/23 12:0 a.m., 7 views

PT-2025-43564

Name of the Vulnerable Software and Affected Versions: Azure Compute Gallery (affected versions not specified). Description: An authorized attacker can elevate privileges over a network due to a server-side request forgery issue in Azure Compute Gallery. This allows for potential misuse of network...

CVSS 10 | AI score 6.5 | EPSS 0.007
Exploits: 0 | References: 11

EUVD
added 2025/10/22 3:31 p.m., 5 views

EUVD-2025-35539

Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery. This issue affects Icegram Express Pro: from n/a through <= 5.9.5...

AI score 6.5 | EPSS 0.00187
Exploits: 0 | References: 2

NVD
added 2025/10/22 3:15 p.m., 4 views

CVE-2025-49917

Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery. This issue affects Icegram Express Pro: from n/a through <= 5.9.5...

CVSS 4.4 | EPSS 0.00187
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/21 9:29 p.m., 5 views

CVE-2025-11536

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wpajaximportelementortemplate action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ma...

CVSS 5 | AI score 5.8 | EPSS 0.00218
Exploits: 0 | References: 1

Patchstack
added 2025/10/21 10:55 a.m., 6 views

WordPress Hercules Core plugin <= 7.4 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Bonds in WordPress Plugin Hercules Core versions <= 7.4...

CVSS 4.8 | AI score 7 | EPSS 0.00145
Exploits: 0 | Affected Software: 1

CVE
added 2025/10/21 12:0 a.m., 13 views

CVE-2025-62763

CVE-2025-62763 affects Zimbra Collaboration (ZCS) before 10.1.12. The root cause is a misconfiguration of the chat proxy that enables SSRF. The CVSS base metrics indicate a Network attack with Low complexity, Privileges Required: Low, and no user interaction, with partial impact on integrity. The...

CVSS 5 | AI score 6.5 | EPSS 0.00238
Exploits: 0 | References: 5

CVE
added 2025/10/18 4:25 a.m., 30 views

CVE-2025-11361

CVE-2025-11361: Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns (WordPress) is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to and including 5.7.1 via eb_save_ai_generated_image. Authenticated attackers with Author+ privileges can issue web reques...

CVSS 6.4 | AI score 5.3 | EPSS 0.00275
Exploits: 0 | References: 3