17 matches found

RedhatCVE
added 2026/03/26 3:14 p.m. · 4 views

CVE-2025-69239

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

5.1 CVSS · 5.8 AI score · 0.00036 EPSS
Exploits: 0 · References: 1

EUVD
added 2026/03/16 3:30 p.m. · 3 views

EUVD-2025-208705

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

5.4 CVSS · 5.8 AI score · 0.00036 EPSS
Exploits: 0 · References: 3

OSV
added 2026/03/16 2:18 p.m. · 1 views

CVE-2025-69239

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

2.7 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits: 0 · References: 2

NVD
added 2026/03/16 2:18 p.m. · 1 views

CVE-2025-69239

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

5.1 CVSS · 0.00036 EPSS
Exploits: 0 · References: 2

Cvelist
added 2026/03/16 11:53 a.m. · 23 views

CVE-2025-69239 Server-Side Request Forgery in Raytha CMS

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

5.1 CVSS · 0.00036 EPSS
Exploits: 0 · References: 2

CNNVD
added 2026/03/16 12:0 a.m. · 2 views

Raytha CMS code issue vulnerability

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained code vulnerabilities. These vulnerabilities stemmed from the “Themes – Import from URL” feature, which had a server-side request forgery vulnerability. This...

5.4 CVSS · 5.9 AI score · 0.00036 EPSS
Exploits: 0 · References: 2

Github Security Blog
added 2026/03/05 9:49 p.m. · 6 views

WeKnora is Vulnerable to SSRF via Redirection

Summary: The application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive URL validation blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints, it fails to...

7.5 CVSS · 5.8 AI score · 0.00027 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2025/10/24 3:27 p.m. · 2 views

GHSA-MW39-9QC2-F7MG Rancher exposes sensitive information through audit logs

Impact Note: The exploitation of this issue requires that the malicious user have access to Rancher’s audit log storage. A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any enti...

4.3 CVSS · 6.6 AI score · 0.00013 EPSS
Exploits: 0 · References: 6

Vulnrichment
added 2025/09/09 6:40 a.m. · 1 views

CVE-2025-9539 AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress <= 5.3.6 - Missing Authorization To Authenticated (Subscriber+) Remote Code Execution via Automation Creation

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwpajaximportautomationfromurl function in all versions up to, and...

8 CVSS · 5.4 AI score · 0.00287 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/12/21 12:0 a.m. · 2 views

PT-2023-32845 · Automad · Automad

Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9 Description: A critical issue affects the import function in the FileController.php file, where the manipulation of the importUrl argument leads to server-side request forgery. This can be initiated remotely and...

8.8 CVSS · 7 AI score · 0.00159 EPSS
Exploits: 1 · References: 9

Huntr
added 2022/06/14 11:5 a.m. · 75 views

SSRF via Import URL

Description: While importing CSV and Excel files via a URL, the server does not validate requests properly; that is how the attacker is able to make requests to internal servers and access the contents. Proof of Concept: 1. Go to any project 2. From Dashboard, click on Add / Import CSV or Microsoft...

5 CVSS · 0.6 AI score · 0.00558 EPSS
Exploits: 1

Hacker One
added 2020/04/21 2:56 p.m. · 81 views

GitLab: Injection of `http.<url>.*` git config settings leading to SSRF

Summary: When importing a repo with credentials via a URL, gitaly generates the git clone command with a -c flag to add the Authorization header: https://gitlab.com/gitlab-org/gitaly/-/blob/master/internal/service/repository/createfromurl.goL37 go flags = appendflags, git.ValueFlagName: "-c", Value:...

0.4 AI score
Exploits: 0

CNVD
added 2015/05/20 12:0 a.m. · 1 views

Lychee 'importUrl()' function remote code execution vulnerability

Lychee is a free, open source image management tool. A remote code execution vulnerability exists in Lychee. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application, which could also result in a denial of service...

8.4 AI score
Exploits: 0 · References: 1

NVD
added 2014/05/13 3:55 p.m. · 16 views

CVE-2013-4546

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL...

6.5 CVSS · 7.2 AI score · 0.00219 EPSS
Exploits: 0 · References: 3

Debian CVE
added 2014/05/13 3:0 p.m. · 18 views

CVE-2013-4546

Removed by vendor...

6.5 CVSS · 5.8 AI score · 0.00219 EPSS
Exploits: 0

Cvelist
added 2014/05/13 3:0 p.m. · 23 views

CVE-2013-4546

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL...

7.2 AI score · 0.00219 EPSS
Exploits: 0 · References: 3

securityvulns
added 2010/09/24 12:0 a.m. · 31 views

Opera cross-site access

Cross-site scripting via @import url...

2.8 AI score
Exploits: 0 · References: 1