EUVD-2022-25245

Malicious code in bioql PyPI...

EUVD-2025-23378

Malicious code in bioql PyPI...

PT-2025-31675 · Unknown · Webfinger.Js

Name of the Vulnerable Software and Affected Versions: webfinger.js versions 2.8.0 and below Description: webfinger.js is a TypeScript-based WebFinger client used in browser and Node.js environments. The lookup function does not prevent access to localhost services, only checking for hosts that...

CVE-2022-36663

Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF Server-Side Request Forgery attacks via a crafted requesturi parameter...

CVE-2022-1977

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks...

Server-Side Request Forgery (SSRF)

Fedify is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of the Webfinger mechanism, allowing attackers to perform GET requests to internal resources, cause denial of service via infinite loops, or execute blind SSRF attacks...

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to cross-site scripting. The vulnerability exists in userreporttracks.php due to the lack of sanitization in user-supplied data, allowing an attacker to inject and execute malicious javascript or cause blind ssrf attacks...