3 matches found
CVE-2025-6851
The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajaxblinks function which ultimately calls the checkurlstatuscode function. This makes it possible for unauthenticated attackers to make web requests to...
CVE-2024-21498
All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery SSRF via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by...
CVE-2025-22215
VMware Aria Automation contains a server-side request forgery SSRF vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network...