CVE-2025-45887

Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery SSRF in /api/file/getRemoteContent...

CVE-2024-6449 Arbitrary cross-domain file inclusion in HyperView Geoportal Toolkit

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...

PT-2024-24179 · Mintplex · Mintplex-Labs/Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions 1.2.0 through 1.4.1 mintplex-labs/anything-llm web application affected versions not specified Description: A Cross-Site Scripting XSS vulnerability exists in the application, affecting both the desktop and...

CVE-2022-2353 Cross-Site Request Forgery (CSRF) in microweber/microweber

Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user...