Lucene search
+L

92 matches found

Cvelist
Cvelist
added 2025/10/24 9:23 a.m.14 views

CVE-2025-12136 Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...

6.8CVSS0.00358EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-16413

Malware in sbrugna...

9.8CVSS9.2AI score0.00643EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-0778

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00948EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2680

Malicious code in bioql PyPI...

6.1CVSS5.8AI score0.009EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/09/17 7:20 p.m.3 views

CVE-2025-59346 Dragonfly server-side request forgery vulnerability

Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery SSRF vulnerability that enables users to force DragonFly2’s components to make requests to internal services that are otherwise not accessible to...

6.9CVSS6.5AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2025/09/15 2:15 p.m.23 views

CVE-2025-50110

An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...

8.8CVSS0.00249EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/09/15 12:0 a.m.3 views

CVE-2025-50110

An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...

6.4AI score0.00249EPSS
Exploits2References1
OSV
OSV
added 2025/08/26 5:52 p.m.4 views

CVE-2025-57818 Firecrawl SSRF Vulnerability via malicious webhook

Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery SSRF vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with...

6.3CVSS7AI score0.00255EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/05/28 5:47 p.m.18 views

CVE-2025-5256 Open Redirect vulnerability on user unlock path

SummaryThis advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits. Open Redirection...

5.4CVSS0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:53 p.m.4 views

CVE-2021-45328

Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site 'Open Redirect' via internal URLs...

6.1CVSS6.7AI score0.00948EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:30 p.m.9 views

CVE-2021-29954

Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210428201255...

9.8CVSS6.7AI score0.00643EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/08/20 4:3 p.m.17 views

CVE-2024-27184 [20240801] - Core - Inadequate validation of internal URLs

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...

7.2AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/20 4:3 p.m.27 views

CVE-2024-27184 [20240801] - Core - Inadequate validation of internal URLs

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...

0.00239EPSS
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/03/20 12:0 a.m.21 views

[20240801] - Core - Inadequate validation of internal URLs

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...

6.1CVSS5.8AI score0.00239EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/22 12:0 a.m.8 views

PT-2023-31834 · Unknown +1 · Symbolicator +1

Name of the Vulnerable Software and Affected Versions: Symbolicator versions 0.3.3 through 21.12.1 Description: The issue allows an attacker to make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could...

4.3CVSS4.6AI score0.00471EPSS
Exploits0References8
NVD
NVD
added 2022/12/22 8:15 p.m.21 views

CVE-2022-31746

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...

6.5CVSS0.00412EPSS
Exploits0References2
OSV
OSV
added 2022/12/22 8:15 p.m.4 views

CVE-2022-31746

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...

6.5CVSS5.8AI score0.00412EPSS
Exploits0References2
Prion
Prion
added 2022/12/22 8:15 p.m.17 views

Spoofing

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...

4.3CVSS5.9AI score0.00412EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2022/12/22 8:15 p.m.38 views

CVE-2022-31746

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...

6.5CVSS6.6AI score0.00412EPSS
Exploits0References1
OSV
OSV
added 2022/05/24 4:48 p.m.21 views

GHSA-5XP2-RV4H-MM2Q Moodle Open Redirect Vulnerability

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs...

6.1CVSS6.1AI score0.009EPSS
Exploits0References9
Rows per page
Query Builder