9247 matches found
PT-2025-44312
Name of the Vulnerable Software and Affected Versions Halo CMS version 2.21 Description An unauthenticated server-side request forgery SSRF exists in the Thumbnail via-uri endpoint. This allows a remote attacker to make the server send HTTP requests to URLs controlled by the attacker, potentially...
CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS
Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...
EUVD-2025-36533
IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-36085
IBM Concert Software (versions 1.0.0–2.0.0) is affected by a server-side request forgery (SSRF) vulnerability. The issue arises from insufficient authentication to validate request origins, enabling an authenticated attacker to issue unauthorized requests from the affected system, potentially ena...
EUVD-2025-35957
Server-Side Request Forgery SSRF vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through = 1.0.3...
CVE-2025-59503
Server-side request forgery ssrf in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network...
WordPress Slider Templates plugin <= 1.0.3 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Slider Templates versions = 1.0.3...
CVE-2025-5350
SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery SSRF. Additionally, the...
WordPress Plugin Captcha.eu Server-Side Request Forgery Attack Vulnerability
WordPress Plugin Captcha.eu is a CAPTCHA plugin for the WordPress platform, which is mainly used to prevent bots from attacking and is also compliant with GDPR General Data Protection Regulation. WordPress Plugin Captcha.eu suffers from a server-side request forgery attack vulnerability that stem...
CVE-2025-59503
Server-side request forgery ssrf in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-49917
Server-Side Request Forgery SSRF vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery.This issue affects Icegram Express Pro: from n/a through = 5.9.5...
CVE-2025-49374
Server-Side Request Forgery SSRF vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery.This issue affects Captcha.eu: from n/a through = 1.0.61...
CVE-2025-11128
CVE-2025-11128 (Feedzy RSS Feeds Lite) is an SSRF vulnerability in the RSS Aggregator by Feedzy plugin for WordPress. The flaw affects all versions up to 5.1.0 and is exploitable by authenticated attackers with Subscriber+ privileges via the feedzy_sanitize_feeds function, enabling web requests f...
PT-2025-43564
Name of the Vulnerable Software and Affected Versions Azure Compute Gallery affected versions not specified Description An authorized attacker can elevate privileges over a network due to a server-side request forgery issue in Azure Compute Gallery. This allows for potential misuse of network...
EUVD-2025-35539
Server-Side Request Forgery SSRF vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery.This issue affects Icegram Express Pro: from n/a through = 5.9.5...
CVE-2025-49917
Server-Side Request Forgery SSRF vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery.This issue affects Icegram Express Pro: from n/a through = 5.9.5...
CVE-2025-11536
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wpajaximportelementortemplate action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ma...
WordPress Hercules Core plugin <= 7.4 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Bonds in WordPress Plugin Hercules Core versions = 7.4...
CVE-2025-62763
CVE-2025-62763 affects Zimbra Collaboration (ZCS) before 10.1.12. The root cause is a misconfiguration of the chat proxy that enables SSRF. The CVSS base metrics indicate a Network attack with Low complexity, Privileges Required: Low, and no user interaction, with partial impact on integrity. The...
CVE-2025-11361
CVE-2025-11361 : Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns (WordPress) is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to and including 5.7.1 via eb_save_ai_generated_image. Authenticated attackers with Author+ privileges can issue web reques...