Lucene search
K

135 matches found

CVE
CVE
added 2026/02/05 9:13 a.m.16 views

CVE-2026-1294

The CVE-2026-1294 issue affects the WordPress plugin All In One Image Viewer Block, version

7.2CVSS5.6AI score0.00293EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/05 9:13 a.m.28 views

CVE-2026-1294 All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...

7.2CVSS0.00293EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/05 9:13 a.m.6 views

EUVD-2026-5548

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...

7.2CVSS5.6AI score0.00293EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/05 7:21 a.m.7 views

WordPress All In One Image Viewer Block plugin <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint vulnerability

Unauthenticated Server-Side Request Forgery via image-proxy Endpoint vulnerability discovered by WordFence in WordPress Plugin Image Map Block – Gutenberg block to create image map with hyperlink versions = 1.0.2...

7.2CVSS5.4AI score0.00293EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.6 views

CVE-2021-31216

Siren Investigate before 11.1.1 contains a server side request forgery SSRF defect in the built-in image proxy route which is enabled by default. An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs...

8.1CVSS7AI score0.00724EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/23 9:49 a.m.6 views

Server-side Request Forgery (SSRF)

Astro is vulnerable to server-side request forgery SSRF. The vulnerability is due to improper image proxy domain validation, which allows an attacker to bypass restrictions using backslashes in the href parameter and trigger server-side requests to arbitrary URLs...

7.2CVSS5.8AI score0.0032EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/29 8:11 p.m.5 views

CVE-2025-59837

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...

7.2CVSS6.3AI score0.00773EPSS
Exploits2References1
NVD
NVD
added 2025/10/28 8:15 p.m.12 views

CVE-2025-59837

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...

7.2CVSS0.0032EPSS
Exploits1References3
CVE
CVE
added 2025/10/28 7:54 p.m.14 views

CVE-2025-59837

Astro (web framework) versions 5.13.4–5.13.9 vulnerable to image proxy domain validation bypass via backslashes in the href, enabling server-side requests to arbitrary URLs and potentially SSRF and XSS. Root cause: incomplete fix for CVE-2025-58179; fix implemented in 5.13.10. Affected component:...

7.2CVSS5.6AI score0.0032EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/28 7:54 p.m.6 views

EUVD-2025-36542

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...

7.2CVSS5.8AI score0.00773EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/10/28 7:54 p.m.11 views

CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...

7.2CVSS0.0032EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/28 7:54 p.m.2 views

CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...

7.2CVSS5.6AI score0.0032EPSS
Exploits1References3
OSV
OSV
added 2025/10/28 7:54 p.m.4 views

CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...

7.2CVSS6.4AI score0.0032EPSS
Exploits1References5
OSV
OSV
added 2025/10/28 5:45 p.m.5 views

GHSA-QCPR-679Q-RHM2 Astro's bypass of image proxy domain validation leads to SSRF and potential XSS

Summary This is a patch bypass of CVE-2025-58179 in commit 9ecf359. The fix blocks http://, https:// and //, but can be bypassed using backslashes \ - the endpoint still issues a server-side fetch. PoC...

7.2CVSS6.8AI score0.0032EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/10/28 5:45 p.m.9 views

Astro's bypass of image proxy domain validation leads to SSRF and potential XSS

Summary This is a patch bypass of CVE-2025-58179 in commit 9ecf359. The fix blocks http://, https:// and //, but can be bypassed using backslashes \ - the endpoint still issues a server-side fetch. PoC...

7.2CVSS7.1AI score0.0032EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.5 views

Astro 代码问题漏洞

Astro is an Astro open source web framework for content-driven websites. A code issue vulnerability exists in Astro versions 5.13.4 through prior to 5.13.10, which stems from the use of a backslash in the href parameter to bypass image proxy domain validation, potentially leading to server-side...

7.2CVSS6.2AI score0.0032EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.6 views

PT-2025-44205

Name of the Vulnerable Software and Affected Versions Astro versions 5.13.4 through 5.13.9 Description Astro’s image proxy has a domain validation bypass issue. Using backslashes in the href parameter can circumvent the validation, enabling server-side requests to arbitrary URLs. This can result ...

7.2CVSS5.2AI score0.0032EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-18129

Malware in sbrugna...

8.1CVSS8.1AI score0.00724EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-3544

Malware in sbrugna...

5CVSS6.1AI score0.02354EPSS
Exploits1References16
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-27471

Malicious code in bioql PyPI...

8.6CVSS6.4AI score0.00633EPSS
Exploits1References2
Rows per page
Query Builder