52 matches found
CVE-2021-27329
Friendica 2021.01 allows SSRF via parseurl?binurl= for DNS lookups or HTTP requests to arbitrary domain names...
CVE-2025-36754
Technical details (affected product/versions, root cause, exploit specifics) are not publicly provided in the connected documents. Monitor for updates.
EUVD-2016-10493
Malware in sbrugna...
EUVD-2022-53091
Malicious code in bioql PyPI...
CVE-2024-1884
This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing...
CVE-2022-22364
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 are vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...
CVE-2025-25477
A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser...
PT-2025-9042 · Syspass · Syspass
Name of the Vulnerable Software and Affected Versions: SysPass versions 3.2.x. Description: A host header injection vulnerability in SysPass allows an attacker to load malicious JS files from an arbitrary domain, which would be executed in the victim's browser. Recommendations: For SysPass version...
MAL-2025-748 Malicious code in react-native-country-picker-modal-modified (npm)
The package executes a harmful command in its pre-installation script to send sensitive data to an arbitrary domain. Source: ghsa-malware 69921c906d4d0ecfa3ba0de532e27f29b18c6be04a563ba99aa0590b1fcc77a8. Any computer that has this package install...
LiteLLM Code Issue Vulnerability
LiteLLM is an open source application from LiteLLM. All LLM APIs can be called using the OpenAI format. A code issue vulnerability exists in LiteLLM version 1.38.10, which stems from vulnerability to a server-side request forgery attack, where a user can specify parameters when sending a request,...
CVE-2022-22364
CVE-2022-22364 affects IBM Controller: 10.4.1, 10.4.2, and 11.0.0. The issue is an External Service Interaction vulnerability caused by improper validation of user-supplied input, allowing a remote attacker to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary...
WordPress Plugin Pexels Free Stock Photos Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
GHSA-G3CM-QG2V-2HJ5 pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
Summary: Open redirect vulnerability due to incorrect validation of input values when redirecting users after login. Details: pyload is validating URLs via the get_redirect_url function when redirecting users at login. The URL entered in the next variable goes through the is_safe_url function, where a...
Open redirect
An Open Redirection vulnerability in all versions of Uffizio's GPS Tracker allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain...
Project Worlds Online Examination System Input Validation Error Vulnerability
Project Worlds Online Examination System is an online examination system. Project Worlds Online Examination System v1.0 suffers from an input validation error vulnerability that stems from susceptibility to multiple open redirection vulnerabilities that allow an attacker to redirect a victim user...
CVE-2022-4946
The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcodes, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain...
CVE-2023-24044
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."...
CVE-2022-31657
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain...