CVE-2025-10137

CVE-2025-10137 (Snow Monkey theme for WordPress) is an SSRF vulnerability in the Snow Monkey theme. Public details in connected docs indicate an unauthenticated, blind SSRF via the request() function affecting Snow Monkey versions up to 29.1.5. Wordfence references show the patch/mitigation path,...

CVE-2025-10137 Snow Monkey <= 29.1.5 - Unauthenticated Blind Server-Side Request Forgery

The Snow Monkey theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 29.1.5 via the request function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

CVE-2025-10137 Snow Monkey <= 29.1.5 - Unauthenticated Blind Server-Side Request Forgery

The Snow Monkey theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 29.1.5 via the request function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

WordPress plugin Snow Monkey 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

PT-2025-39515

Name of the Vulnerable Software and Affected Versions Snow Monkey versions prior to 29.1.6 Description The Snow Monkey theme for WordPress is susceptible to Server-Side Request Forgery SSRF in all versions up to and including 29.1.5. This flaw resides within the request function and allows...

WordPress Snow Monkey plugin <= 29.1.5 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by elmore in WordPress Theme Snow Monkey versions 29.1.5...

WordPress Snow Monkey Theme 29.1.5 is vulnerable to Server Side Request Forgery (SSRF)

Software Snow Monkey Type Theme Vulnerable versions 29.1.5 Fixed in 29.1.6 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2025-10137 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 607b6876f535 Credits elmore Required privilege...

CVE-2025-10532

Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

Malicious code in depend-spirit-monkey (npm)

The package depend-spirit-monkey was found to contain malicious code...

MAL-2025-43962 Malicious code in depend-spirit-monkey (npm)

The package depend-spirit-monkey was found to contain malicious code...

Malicious code in follow-monkey-fallen (npm)

The package follow-monkey-fallen was found to contain malicious code...

MAL-2025-44285 Malicious code in follow-monkey-fallen (npm)

The package follow-monkey-fallen was found to contain malicious code...

MAL-2025-45361 Malicious code in nothing-monkey-stiff (npm)

The package nothing-monkey-stiff was found to contain malicious code...

com.github.cafaudit:caf-audit-binding-elasticsearch (>=5.0.3-1321 <=5.0.4-1329), com.github.cafaudit:caf-audit-monkey-container (>=5.0.3-1321 <=5.0.4-1329) +78 more potentially affected by CVE-2025-9340 via org.bouncycastle:bc-fips (=2.1.0)

org.bouncycastle:bc-fips MAVEN version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bc-fips and may be impacted: - com.github.cafaudit:caf-audit-binding-elasticsearch =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321,...

com.github.cafaudit:caf-audit-binding-elasticsearch (>=5.0.3-1321 <=5.0.4-1329), com.github.cafaudit:caf-audit-monkey-container (>=5.0.3-1321 <=5.0.4-1329) +78 more potentially affected by CVE-2025-9341 via org.bouncycastle:bc-fips (=2.1.0)

org.bouncycastle:bc-fips MAVEN version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bc-fips and may be impacted: - com.github.cafaudit:caf-audit-binding-elasticsearch =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321,...

CVE-2025-9185

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

CVE-2025-9183

Spoofing issue in the Address Bar component. This vulnerability was fixed in Firefox 142 and Firefox ESR 140.2...

com.github.cafaudit:caf-audit-binding-elasticsearch (>=5.0.3-1321 <=5.0.4-1329), com.github.cafaudit:caf-audit-monkey-container (>=5.0.3-1321 <=5.0.4-1329) +78 more potentially affected by CVE-2025-9092 via org.bouncycastle:bc-fips (=2.1.0)

org.bouncycastle:bc-fips MAVEN version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bc-fips and may be impacted: - com.github.cafaudit:caf-audit-binding-elasticsearch =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321,...

firefox: thunderbird: JavaScript engine only wrote partial return value to stack

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: On 64-bit platforms, IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, reads the entire 64 bits...

CVE-2023-32623

Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server...