CVE-2025-67427
A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits...
PT-2026-1329
Name of the Vulnerable Software and Affected Versions: evershop versions prior to 2.1.1. Description: A Blind Server-Side Request Forgery (SSRF) exists in evershop versions prior to 2.1.1. An unauthenticated attacker can force the server to initiate an HTTP request via the "/images" API endpoint. Th...
CVE-2025-65411
A flaw was found in GNU Unrtf. This vulnerability, a NULL pointer dereference in the src/path.c component, allows an attacker to cause a Denial of Service (DoS) by injecting a specially crafted payload into the searchpath parameter. This can lead to the application becoming unresponsive or crashing...
Server-side Request Forgery (SSRF)
Overview: feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the TimThumb component in the timthumb.php file. An attacker can access internal resources or perform unauthorized requests by manipulating the src argument...
CVE-2025-15264
CVE-2025-15264 affects FeehiCMS (up to v2.1.1) via the TimThumb component in frontend/web/timthumb.php. The vulnerability arises from manipulating the src argument, enabling server-side request forgery (SSRF) and potentially allowing remote exploitation. Public disclosures of the exploit exist; t...
CVE-2025-15264 FeehiCMS TimThumb timthumb.php server-side request forgery
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...
UBUNTU-CVE-2025-65411
A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the searchpath parameter...
CVE-2025-65410
A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter...
UBUNTU-CVE-2025-65410
A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter...
MAL-2025-192713 Malicious code in baidu-src-test4 (npm)
Source: amazon-inspector (15d38e0e00f51e045ab813f8aa805cd532c164ee66f9960af5ba7ee0f286b80c). The package baidu-src-test4 was found to contain malicious code...
EUVD-2025-204940
Malicious code in baidu-src-test4 (npm)...
CVE-2024-25812
MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter...
CVE-2025-65410
GNU UnRTF, version 0.21.10, contains a stack overflow in src/main.c that can cause a Denial of Service when a crafted input is provided in the filename parameter. The CVE-2025-65410 issue is documented across multiple sources (NVD/ENISA OSV series) with a local attack vector targeting the filenam...
EUVD-2024-23120
MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter...
EUVD-2024-24902
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...
CVE-2024-27708
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...
AIRC MyNET security vulnerability
AIRC MyNET is a specialized online management system from AIRC Portugal. A security vulnerability exists in AIRC MyNET v26.05 and earlier versions, which stems from a reflected cross-site scripting issue with the src parameter...