36 matches found

Nuclei
added yesterday · 24 views

Visualizer <3.3.1 - Blind Server-Side Request Forgery

Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. id: CVE-2019-16932 info: name: Visualizer 3.3.1 - Blind Server-Side Request Forgery author: akincibor severity: critical description: | Visualizer prior to...

CVSS 10 · AI score 7.3 · EPSS 0.39137
Exploits: 2 · References: 5

Packet Storm
added 2026/02/24 12:0 a.m. · 93 views

SPIP Blind Server-Side Request Forgery

SPIP versions prior to 4.4.9 suffer from a blind server-side request forgery vulnerability within the private administration interface. Title: SPIP 4.4...

AI score 5.7
Exploits: 0

RedhatCVE
added 2026/01/09 12:35 p.m. · 6 views

CVE-2023-45966

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability...

CVSS 7.5 · AI score 7 · EPSS 0.00586
Exploits: 1 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-21818

Malware in sbrugna...

CVSS 4.3 · AI score 4.6 · EPSS 0.01201
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-54198

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 9.2 · EPSS 0.00397
Exploits: 0 · References: 2

Vulnrichment
added 2025/04/15 2:50 p.m. · 6 views

CVE-2025-32948 PeerTube ActivityPub Playlist Creation Blind SSRF and DoS

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Activity" functionality, it is possible to creat...

CVSS 7.5 · AI score 7.5 · EPSS 0.00496
Exploits: 1 · References: 2

Positive Technologies
added 2025/04/15 12:0 a.m. · 3 views

PT-2025-16350 · Peertube · Peertube

Name of the Vulnerable Software and Affected Versions: PeerTube affected versions not specified Description: The issue allows an attacker to cause the PeerTube server to stop functioning or, in special cases, send requests to arbitrary URLs, which is known as Blind Server-Side Request Forgery SSR...

CVSS 7.5 · AI score 6.5 · EPSS 0.00496
Exploits: 1 · References: 7

Cvelist
added 2025/03/19 8:41 p.m. · 14 views

CVE-2025-27784 Applio allows arbitrary file read in train.py export_pth function

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's export_pth function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files...

CVSS 8.7 · EPSS 0.00525
Exploits: 1 · References: 3

Vulnrichment
added 2025/03/08 12:21 p.m. · 6 views

CVE-2024-13924 Starter Templates by FancyWP <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery

The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVSS 5.3 · AI score 5.3 · EPSS 0.00397
Exploits: 0 · References: 2

Vulnrichment
added 2025/03/07 8:21 a.m. · 7 views

CVE-2024-13904 Platform.ly for WooCommerce <= 1.1.6 - Unauthenticated Blind Server-Side Request Forgery

The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...

CVSS 5.3 · AI score 7 · EPSS 0.00387
Exploits: 0 · References: 3

Vulnrichment
added 2025/02/11 4:24 p.m. · 4 views

CVE-2025-22399

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery...

CVSS 7.9 · AI score 7.7 · EPSS 0.00143
Exploits: 0 · References: 1

Cvelist
added 2025/01/24 1:40 p.m. · 12 views

CVE-2024-11913 Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery

The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajaxpreviewlink' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web...

CVSS 5.4 · EPSS 0.00231
Exploits: 0 · References: 2

Vulnrichment
added 2025/01/24 1:40 p.m. · 4 views

CVE-2024-11913 Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery

The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajaxpreviewlink' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web...

CVSS 5.4 · AI score 6.3 · EPSS 0.00231
Exploits: 0 · References: 2

Github Security Blog
added 2025/01/21 7:58 p.m. · 18 views

Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify

Summary: This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim’s server into an infinite loop causing Denial of Service. Moreover,...

CVSS 5.4 · AI score 7.1 · EPSS 0.00572
Exploits: 0 · References: 6 · Affected Software: 1

NVD
added 2025/01/20 5:15 p.m. · 10 views

CVE-2025-23221

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security...

CVSS 5.4 · EPSS 0.00572
Exploits: 0 · References: 4

OSV
added 2025/01/20 4:49 p.m. · 6 views

CVE-2025-23221 Fedify has an Infinite loop and Blind SSRF found inside the Webfinger mechanism

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security...

CVSS 5.4 · AI score 6.5 · EPSS 0.00572
Exploits: 0 · References: 6

Hacker One
added 2025/01/07 2:42 p.m. · 755 views

Nextcloud: Blind SSRF Vulnerability in Appstore Release Upload Form

Vulnerability description not provided...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2024/10/20 12:0 a.m. · 21 views

Debian dla-3925 : asterisk - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3925 advisory. Debian LTS Advisory DLA-3925-1...

CVSS 8.8 · AI score 8.7 · EPSS 0.04665
Exploits: 4 · References: 6

RedhatCVE
added 2024/08/09 2:16 a.m. · 31 views

CVE-2024-42365

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with write=originate may change all configuration files in the /etc/asterisk/ directory. Thi...

CVSS 8.8 · AI score 8 · EPSS 0.04665
Exploits: 4 · References: 11

Vulnrichment
added 2024/08/08 4:29 p.m. · 23 views

CVE-2024-42365 Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with write=originate may change all configuration files in the /etc/asterisk/ directory. Thi...

CVSS 7.4 · AI score 8 · EPSS 0.04665
Exploits: 4 · References: 8