135 matches found
CVE-2026-1294
The CVE-2026-1294 issue affects the WordPress plugin All In One Image Viewer Block, version
CVE-2026-1294 All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint
The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...
EUVD-2026-5548
The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...
WordPress All In One Image Viewer Block plugin <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint vulnerability
Unauthenticated Server-Side Request Forgery via image-proxy Endpoint vulnerability discovered by WordFence in WordPress Plugin Image Map Block – Gutenberg block to create image map with hyperlink versions = 1.0.2...
CVE-2021-31216
Siren Investigate before 11.1.1 contains a server side request forgery SSRF defect in the built-in image proxy route which is enabled by default. An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs...
Server-side Request Forgery (SSRF)
Astro is vulnerable to server-side request forgery SSRF. The vulnerability is due to improper image proxy domain validation, which allows an attacker to bypass restrictions using backslashes in the href parameter and trigger server-side requests to arbitrary URLs...
CVE-2025-59837
Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...
CVE-2025-59837
Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...
CVE-2025-59837
Astro (web framework) versions 5.13.4–5.13.9 vulnerable to image proxy domain validation bypass via backslashes in the href, enabling server-side requests to arbitrary URLs and potentially SSRF and XSS. Root cause: incomplete fix for CVE-2025-58179; fix implemented in 5.13.10. Affected component:...
EUVD-2025-36542
Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...
CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS
Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...
CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS
Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...
CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS
Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...
GHSA-QCPR-679Q-RHM2 Astro's bypass of image proxy domain validation leads to SSRF and potential XSS
Summary This is a patch bypass of CVE-2025-58179 in commit 9ecf359. The fix blocks http://, https:// and //, but can be bypassed using backslashes \ - the endpoint still issues a server-side fetch. PoC...
Astro's bypass of image proxy domain validation leads to SSRF and potential XSS
Summary This is a patch bypass of CVE-2025-58179 in commit 9ecf359. The fix blocks http://, https:// and //, but can be bypassed using backslashes \ - the endpoint still issues a server-side fetch. PoC...
Astro 代码问题漏洞
Astro is an Astro open source web framework for content-driven websites. A code issue vulnerability exists in Astro versions 5.13.4 through prior to 5.13.10, which stems from the use of a backslash in the href parameter to bypass image proxy domain validation, potentially leading to server-side...
PT-2025-44205
Name of the Vulnerable Software and Affected Versions Astro versions 5.13.4 through 5.13.9 Description Astro’s image proxy has a domain validation bypass issue. Using backslashes in the href parameter can circumvent the validation, enabling server-side requests to arbitrary URLs. This can result ...
EUVD-2021-18129
Malware in sbrugna...
EUVD-2006-3544
Malware in sbrugna...
EUVD-2025-27471
Malicious code in bioql PyPI...