360 matches found
CVE-2025-8084 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...
WordPress plugin WP Migrate Lite – WordPress Migration Made Easy code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin WP...
PT-2025-46938
Name of the Vulnerable Software and Affected Versions: IQ-Support (affected versions not specified). Description: IQ-Support, developed by IQ Service International, has an issue that allows unauthenticated remote attackers to access specific APIs and obtain sensitive information from the internal...
CVE-2025-61959
The CVE-2025-61959 entry concerns Vertikal Systems’ Hospital Manager Backend Services. Connected sources confirm concrete details: prior to 19 Sep 2025, the product exposed a live ASP.NET tracing endpoint (/trace.axd) without authentication, enabling remote attackers to harvest request metadata, ...
CVE-2025-10145
The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the uploadtolibrary function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests ...
Identifier withdrawn
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A server-side request forgery vulnerability exists in the WordPress plugin Auto Featured Image,...
PT-2025-44086
Name of the Vulnerable Software and Affected Versions: Auto Featured Image Auto Post Thumbnail plugin for WordPress versions prior to 4.1.8. Description: The Auto Featured Image Auto Post Thumbnail plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF) in versions up to and includin...
EUVD-2025-36214
TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...
CVE-2025-27223
TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...
WordPress Task Scheduler plugin server-side request forgery vulnerability
The WordPress Task Scheduler plugin is mainly used to manage and optimize timed tasks in WordPress, such as update checking and cache cleaning; common plugins include WP-Crontrol and WPCron. The WordPress Task Scheduler plugin has a server-side request forgery vulnerability; the vulnerability stems...
VulnCheck KEV: CVE-2025-27223
TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...
CVE-2025-9975
The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.8.1 via the wpscraperextractcontent function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary...
EUVD-2021-19714
Malware in sbrugna...
EUVD-2018-12321
Malware in sbrugna...
EUVD-2019-1055
Malware in sbrugna...
EUVD-2019-18889
Malware in sbrugna...
EUVD-2020-25463
Malware in sbrugna...
EUVD-2019-5613
Malware in sbrugna...