Lucene search
+L

359 matches found

cnvd
cnvd
added 2025/12/16 12:0 a.m.6 views

WordPress RSS Aggregator by Feedzy Code Issue Vulnerability

WordPress RSS Aggregator by Feedzy is a lightweight plugin designed for WordPress that focuses on automatically grabbing content from external RSS feeds and syndicating it to your website. WordPress RSS Aggregator by Feedzy has a code issue vulnerability that stems from the existence of a blind...

5.8CVSS7.2AI score0.00227EPSS
Exploits0References1
cve
cve
added 2025/12/15 8:28 p.m.16 views

CVE-2023-53893

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery (SSRF) in the job callback URL parameter, enabling an attacker to bypass network restrictions and force the application to make HTTP, DNS, or file requests to arbitrary destinations for enumeration. Affected component...

6.5CVSS6.6AI score0.00246EPSS
Exploits1References4Affected Software1
ptsecurity
ptsecurity
added 2025/12/15 12:0 a.m.11 views

PT-2025-51311

Name of the Vulnerable Software and Affected Versions Ateme TITAN File version 3.9.12.4 Description The software contains an authenticated server-side request forgery issue in the job callback URL parameter. This allows attackers to bypass network restrictions. Exploitation involves an unvalidate...

6.5CVSS6.7AI score0.00246EPSS
Exploits1References7
nvd
nvd
added 2025/12/11 3:15 a.m.13 views

CVE-2025-11467

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...

5.8CVSS0.00227EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/11/06 12:0 a.m.5 views

ThinkDashboard 安全漏洞

ThinkDashboard is a lightweight, self-hosted bookmarking dashboard by the individual developer MatiasDesu. A security vulnerability exists in ThinkDashboard version 0.6.7 and earlier, which stems from a server-side request forgery vulnerability in the /api/ping?url= endpoint that could lead an...

5.3CVSS6.8AI score0.00322EPSS
Exploits1References3
cvelist
cvelist
added 2025/11/06 12:0 a.m.13 views

CVE-2025-63551

A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

0.0046EPSS
Exploits1References2
nvd
nvd
added 2025/11/05 7:15 a.m.2 views

CVE-2025-11917

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematicotestfeed function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

6.4CVSS0.00217EPSS
Exploits0References5
cve
cve
added 2025/10/24 11:25 a.m.18 views

CVE-2025-10861

CVE-2025-10861: Unauthenticated SSRF in the WordPress plugin “Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers” affecting versions up to and including 2.1.4 due to insufficient URL validation. Exploitation could allow the server to make requests t...

7.5CVSS5.7AI score0.0035EPSS
Exploits0References5
osv
osv
added 2025/10/19 7:8 p.m.5 views

JLSEC-2025-147 A flaw was found in FFmpeg's DASH playlist support

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...

7.2CVSS6.6AI score0.00274EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/10/17 12:0 a.m.6 views

ILLA Builder 安全漏洞

ILLA Builder is a low-code platform open-sourced by ILLA Cloud. A security vulnerability exists in ILLA Builder versions prior to v4.8.5 that stems from the API allowing arbitrary requests to be sent, which could lead to a server-side request forgery attack...

9.6CVSS6.7AI score0.00402EPSS
Exploits0References3
snyk
snyk
added 2025/10/16 7:42 p.m.9 views

Server-side Request Forgery (SSRF)

Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createRequestUrl function. An attacker can cause the server to make arbitrary HTTP requests to external domains by supplying a...

8.7CVSS7.1AI score0.00406EPSS
Exploits1References2
cve
cve
added 2025/10/09 6:58 p.m.31 views

CVE-2025-59146

Summary: CVE-2025-59146 targets the “New API” SSRF in versions before 0.9.0.5. An authenticated user can submit a URL for the server to fetch, with improper validation allowing server-side requests to arbitrary internal or external destinations. The issue is fixed in 0.9.0.5, which adds a default...

8.5CVSS6.3AI score0.00225EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.1 views

EUVD-2016-2765

Malware in sbrugna...

5.3CVSS7.4AI score0.00943EPSS
Exploits0References18
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-8134

Malware in sbrugna...

8.8CVSS8.5AI score0.00983EPSS
Exploits4References12
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-10293

Malware in sbrugna...

7.8CVSS7.5AI score0.01279EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-31057

Malicious code in bioql PyPI...

9.1CVSS9AI score0.0768EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-54198

Malicious code in bioql PyPI...

9.1CVSS9.2AI score0.00397EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-52904

Malicious code in bioql PyPI...

9.1CVSS9.1AI score0.00977EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3889

Malicious code in bioql PyPI...

9.4CVSS8.8AI score0.01095EPSS
Exploits1References6
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-8787

Malicious code in bioql PyPI...

9CVSS6.7AI score0.00817EPSS
Exploits0References1
Rows per page
Query Builder