CVE-2025-45887

Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery SSRF in /api/file/getRemoteContent...

CVE-2024-6449 Arbitrary cross-domain file inclusion in HyperView Geoportal Toolkit

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...