89 matches found
CVE-2025-12388
The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wpremoterequest function. This makes it...
CVE-2025-59146 New API has Authenticated Server-Side Request Forgery (SSRF) issue
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. An authenticated Server-Side Request Forgery SSRF vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to...
EUVD-2007-0104
Malware in sbrugna...
EUVD-2020-21360
Malware in sbrugna...
EUVD-2007-3425
Malware in sbrugna...
EUVD-2020-18849
Malware in sbrugna...
EUVD-2025-30698
Malicious code in bioql PyPI...
EUVD-2025-32209
Malicious code in bioql PyPI...
EUVD-2025-5060
Malicious code in bioql PyPI...
CVE-2025-54087
CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and...
The vulnerability in the web interface for managing software tools used to create reports for Cisco Unified Intelligence Center, as well as for multimedia and distributed contact centers like Cisco Unified Contact Center Enterprise, allows attackers to perform SRF attacks.
The vulnerability in the web interface for managing software tools used to create reports for Cisco Unified Intelligence Center, as well as for multimedia and distributed contact centers like Cisco Unified Contact Center Enterprise, stems from forged requests at the server side, resulting from...
CVE-2025-53473
Server-side request forgery SSRF vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers...
CVE-2025-53473
Server-side request forgery SSRF vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers...
CVE-2022-28090
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery SSRF via /cmscp/ext/collect/fetchurl.do?url=...
php: Configuring a proxy in a stream context might allow for CRLF injection in URIs
A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...
CVE-2025-47484
Server-Side Request Forgery SSRF vulnerability in Oliver Campion Display Remote Posts Block display-remote-posts-block allows Server Side Request Forgery.This issue affects Display Remote Posts Block: from n/a through = 1.1.0...
CVE-2024-10207 Server-Side Request Forgery (authenticated) in APROL Web Portal
A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL 4.4-00P5 may allow an authenticated network-based attacker to force the web server to request arbitrary URLs...
CVE-2024-5186
A Server-Side Request Forgery SSRF vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically,...
Apache Ambari 代码问题漏洞
Apache Ambari is a software application from the Apache USA Foundation. Provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A code issue vulnerability exists in Apache Ambari versions prior to 2.7.9, which stems from a vulnerability...
The vulnerability of the Windows Telephony Service in Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Windows Telephony Service in Windows operating systems is related to reading data beyond the allowed range in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending requests to the server...