359 matches found
WordPress RSS Aggregator by Feedzy Code Issue Vulnerability
WordPress RSS Aggregator by Feedzy is a lightweight plugin designed for WordPress that focuses on automatically grabbing content from external RSS feeds and syndicating it to your website. WordPress RSS Aggregator by Feedzy has a code issue vulnerability that stems from the existence of a blind...
CVE-2023-53893
Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery (SSRF) in the job callback URL parameter, enabling an attacker to bypass network restrictions and force the application to make HTTP, DNS, or file requests to arbitrary destinations for enumeration. Affected component...
PT-2025-51311
Name of the Vulnerable Software and Affected Versions Ateme TITAN File version 3.9.12.4 Description The software contains an authenticated server-side request forgery issue in the job callback URL parameter. This allows attackers to bypass network restrictions. Exploitation involves an unvalidate...
CVE-2025-11467
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...
ThinkDashboard 安全漏洞
ThinkDashboard is a lightweight, self-hosted bookmarking dashboard by the individual developer MatiasDesu. A security vulnerability exists in ThinkDashboard version 0.6.7 and earlier, which stems from a server-side request forgery vulnerability in the /api/ping?url= endpoint that could lead an...
CVE-2025-63551
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
CVE-2025-11917
The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematicotestfeed function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...
CVE-2025-10861
CVE-2025-10861: Unauthenticated SSRF in the WordPress plugin “Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers” affecting versions up to and including 2.1.4 due to insufficient URL validation. Exploitation could allow the server to make requests t...
JLSEC-2025-147 A flaw was found in FFmpeg's DASH playlist support
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...
ILLA Builder 安全漏洞
ILLA Builder is a low-code platform open-sourced by ILLA Cloud. A security vulnerability exists in ILLA Builder versions prior to v4.8.5 that stems from the API allowing arbitrary requests to be sent, which could lead to a server-side request forgery attack...
Server-side Request Forgery (SSRF)
Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createRequestUrl function. An attacker can cause the server to make arbitrary HTTP requests to external domains by supplying a...
CVE-2025-59146
Summary: CVE-2025-59146 targets the “New API” SSRF in versions before 0.9.0.5. An authenticated user can submit a URL for the server to fetch, with improper validation allowing server-side requests to arbitrary internal or external destinations. The issue is fixed in 0.9.0.5, which adds a default...
EUVD-2016-2765
Malware in sbrugna...
EUVD-2019-8134
Malware in sbrugna...
EUVD-2016-10293
Malware in sbrugna...
EUVD-2022-31057
Malicious code in bioql PyPI...
EUVD-2024-54198
Malicious code in bioql PyPI...
EUVD-2022-52904
Malicious code in bioql PyPI...
EUVD-2022-3889
Malicious code in bioql PyPI...
EUVD-2021-8787
Malicious code in bioql PyPI...