401 matches found
The vulnerability of the Apache HTTP Server web server, related to insufficient validation of incoming requests, allows attackers to perform SSRF attacks.
The vulnerability of the Apache HTTP Server is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of the Import Avatar function in the MyBB forum creation software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the “Import Avatar” function in the MyBB forum creation software is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the XML2PDF library, related to insufficient validation of requests on the server side, allows an attacker to perform an SSRF attack.
The vulnerability of the XML2PDF library is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending a specially crafted HTTP request...
The vulnerability of the ColdFusion software platform, related to insufficient validation of incoming requests, allows attackers to trigger service failures.
The vulnerability of the ColdFusion software platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
SUSE CVE-2025-38264
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling. Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing...
CVE-2025-38264
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling. Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing...
PT-2025-27600 · Unknown · Active! Mail 6
Name of the Vulnerable Software and Affected Versions: Active! mail 6 versions 6.60.06008562 and earlier Description: A cross-site request forgery issue exists, potentially allowing unintended emails to be sent when a user, who is logged in, accesses a specially crafted URL. Recommendations: For...
PT-2025-27177 · WordPress · Blend Media Wordpress Cta
Name of the Vulnerable Software and Affected Versions: Blend Media WordPress CTA versions 1.6.9 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the Blend Media WordPress CTA, allowing unauthorized requests. Recommendations: For Blend Media WordPress CTA versions 1.6.9 and...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skip_insignificant_space when sniffing content (bsc#1240750). CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752). CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI...
The vulnerability of cloud software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in insufficiently checking incoming requests, allowing attackers to execute SSRF attacks.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
IBM InfoSphere Information Server security vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server versions 11.7.0.0 through...
WordPress plugin Esselink.nu Settings cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Esselink.nu Settings plugin, which stems from a web application that does not adequately validate that a reque...
The vulnerability of the opennextjs package from Cloudflare’s network traffic balancing service for web applications allows attackers to execute arbitrary code.
The vulnerability of the opennextjs package, a network traffic balancing service for Cloudflare’s web applications, relates to insufficient validation of incoming requests. Exploiting this vulnerability allows an attacker to execute arbitrary code by manipulating requests sent from the server’s...
CVE-2025-49177
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...
CVE-2025-49177
CVE-2025-49177 affects the XFIXES extension in the X.Org/X server: the XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. Practical impact is potential local information disclosure via memory reads. The c...
The vulnerability of the Microsoft Power Apps development environment, related to insufficient validation of incoming requests, allows an attacker to execute an SSRF attack.
The vulnerability of the Microsoft Power Apps development environment is related to insufficient testing of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
The vulnerability of the Interaction Center web client component of the SAP CRM system, which is used for managing customer relationships, as well as the SAP S/4HANA software platform, allows an attacker to perform an SSRF attack.
The vulnerability of the Interaction Center web client component of the SAP CRM and SAP S/4HANA software system relates to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
CVE-2024-56924
A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page pagesaccount, potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information...
CVE-2023-5967
Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin...
CVE-2023-39286
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a...