Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/07/23 12:57 a.m.12 views

CVE-2025-36845

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...

8.6CVSS7.2AI score0.0158EPSS
Exploits1References1
Circl
Circl
added 2025/07/22 12:54 a.m.20 views

CVE-2025-36845

creationtimestamp| type| source ---|---|--- 2025-07-22 00:54:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lujc6n4paj2j 2026-01-16 07:26:42+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-36845.yaml 2026-01-17...

8.6CVSS5.7AI score0.0158EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/07/21 12:0 a.m.2 views

CVE-2025-36845

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...

6.7AI score0.0158EPSS
Exploits1References2
EUVD
EUVD
added 2025/07/21 12:0 a.m.8 views

EUVD-2025-22140

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shellexec function of PHP...

9.8CVSS6.3AI score0.04732EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/07/21 12:0 a.m.13 views

CVE-2025-36845

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /internal/redirect.php allows for Server-Side Request Forgery SSRF. The endpoint takes a URL as input, sends a request to this address, and reflects the content in the response. This can be used to request endpoints only...

0.0158EPSS
Exploits1References2
CVE
CVE
added 2025/07/21 12:0 a.m.33 views

CVE-2025-36846

CVE-2025-36846 affects Eveo URVE Web Manager 27.02.2025. The issue is an OS Command Injection in the /_internal/pc/vpro.php endpoint, where an input parameter is passed directly to PHP shell_exec(), enabling arbitrary command execution. CVSS 3.1 base score 9.8 (CRITICAL) with network access, no p...

9.8CVSS7.2AI score0.04732EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/07/21 12:0 a.m.29 views

CVE-2025-36845

CVE-2025-36845 affects Eveo URVE Web Manager 27.02.2025. A server-side request forgery exists in /_internal/redirect.php due to improper validation of the URL input, enabling the app server to request internal endpoints and reflect content in the response. The Nuclei template confirms the SSRF pa...

8.6CVSS7.1AI score0.0158EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder