1754 matches found
CVE-2025-12962 Local Syndication <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode
The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the url parameter in the syndicatelocal shortcode. This is due to the use of wpremoteget instead of wpsaferemoteget which lacks protections against requests to...
CVE-2024-32008
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user...
CVE-2024-32008
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user...
EUVD-2024-29846
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user...
CVE-2024-32008
Spectrum Power 4 (all versions
CVE-2024-32008
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user...
PT-2025-46533
Name of the Vulnerable Software and Affected Versions Spectrum Power versions prior to 4.70 SP12 Update 2 Description The application contains a flaw that allows local privilege escalation. An exposed debug interface on localhost enables any local user to gain code execution as an administrative...
SUSE CVE-2025-59956
AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for th...
bftpd 安全漏洞
Bftpd is an FTP File Transfer Protocol server. A security vulnerability exists in bftpd 6.2 and earlier versions, which originates from a heap buffer overflow in the function expandgroups in the file options.c of the component Configuration File Handler, which could lead to a localhost attack...
Deserialization of Untrusted Data
Overview pyquokka is a Quokka Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the doaction function in the flight.py file. An attacker can execute arbitrary code on the server by sending maliciously crafted serialized data through the network interface...
GHSA-FGX4-P8XF-QHP9 Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module
Vulnerability Description --- Vulnerability Overview - When the client sends an arbitrary URL array and impl: "naive" to the tRPC endpoint tools.search.crawlPages, the server issues outbound HTTP requests directly to those URLs. There is no defensive logic that restricts or validates requests to...
CVE-2025-61679
Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of ...
EUVD-2020-3852
Malware in sbrugna...
EUVD-2018-0206
Malware in sbrugna...
EUVD-2019-17184
Malware in sbrugna...
EUVD-2018-10231
Malware in sbrugna...
EUVD-2017-9325
Malware in sbrugna...
EUVD-2021-1086
Malware in sbrugna...
EUVD-2018-4098
Malware in sbrugna...
EUVD-2021-2056
Malware in sbrugna...