92 matches found
CVE-2025-12136 Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...
EUVD-2021-16413
Malware in sbrugna...
EUVD-2022-0778
Malicious code in bioql PyPI...
EUVD-2022-2680
Malicious code in bioql PyPI...
CVE-2025-59346 Dragonfly server-side request forgery vulnerability
Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery SSRF vulnerability that enables users to force DragonFly2’s components to make requests to internal services that are otherwise not accessible to...
CVE-2025-50110
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...
CVE-2025-50110
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...
CVE-2025-57818 Firecrawl SSRF Vulnerability via malicious webhook
Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery SSRF vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with...
CVE-2025-5256 Open Redirect vulnerability on user unlock path
SummaryThis advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits. Open Redirection...
CVE-2021-45328
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site 'Open Redirect' via internal URLs...
CVE-2021-29954
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210428201255...
CVE-2024-27184 [20240801] - Core - Inadequate validation of internal URLs
Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...
CVE-2024-27184 [20240801] - Core - Inadequate validation of internal URLs
Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...
[20240801] - Core - Inadequate validation of internal URLs
Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...
PT-2023-31834 · Unknown +1 · Symbolicator +1
Name of the Vulnerable Software and Affected Versions: Symbolicator versions 0.3.3 through 21.12.1 Description: The issue allows an attacker to make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could...
CVE-2022-31746
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...
CVE-2022-31746
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...
Spoofing
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...
CVE-2022-31746
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...
GHSA-5XP2-RV4H-MM2Q Moodle Open Redirect Vulnerability
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs...