Lucene search
+L

13794 matches found

Snyk
Snyk
added 2026/01/05 10:55 p.m.5 views

Server-side Request Forgery (SSRF)

Overview io.spinnaker.orca:orca-clouddriver is a Spinnaker Orca Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper restrictions on user-supplied URLs when fetching data. An attacker can access internal resources, extract sensitive authentication data...

8.8CVSS6.9AI score0.00155EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-25989

Impact Some specific 1 out of 256 User Supplied Secrets USS were not used, making the resulting Compound Device Identifier CDI the same as if no USS was provided. Affected client applications: all client apps using the tkeyclient Go module. Patches Upgrade to v1.3.0. NOTE WELL: For the affected e...

4.7CVSS6AI score0.00246EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.5 views

VvvebJs 安全漏洞

VvvebJs is a drag-and-drop website generator from Givan Personal Developers. A security vulnerability exists in VvvebJs version 1.7.2, which stems from the filegetcontents function in the save.php file mishandling user-supplied URLs, which could lead to server-side request forgery and arbitrary...

9.1CVSS5.9AI score0.0025EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/20 12:0 a.m.8 views

PT-2025-52564

Name of the Vulnerable Software and Affected Versions Versa SASE Client for Windows versions 7.8.7 through 7.9.4 Description The software contains a local privilege escalation issue in the audit log export functionality. The client sends user-controlled file paths to a privileged service, which...

8.5CVSS6.7AI score0.00095EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.4 views

Foxit PDF Editor 安全漏洞

Foxit PDF Editor is a PDF editor from the Chinese company Foxit Foxit. A security vulnerability exists in Foxit PDF Editor, which stems from a user-supplied SVG file in the Portfolio feature that is not properly cleaned or validated, which could lead to a stored cross-site scripting attack...

6.3CVSS5.8AI score0.0015EPSS
Exploits0References1
OSV
OSV
added 2025/12/16 3:30 p.m.3 views

GHSA-GXVV-45F6-3CH8 openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential Denial of Service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...

8.5CVSS5.8AI score0.00311EPSS
Exploits0References6
CNVD
CNVD
added 2025/11/27 12:0 a.m.25 views

WordPress iframe plugin cross-site scripting vulnerability

The WordPress iframe plugin is a tool for embedding iFrame content in WordPress websites, allowing users to embed external web pages, videos, forms, etc. into their pages. WordPress iframe plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

6.4CVSS6.1AI score0.00161EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/25 12:0 a.m.4 views

WordPress BigBuy Dropshipping Connector for WooCommerce plugin IP address forgery vulnerability

WordPress BigBuy Dropshipping Connector for WooCommerce plugin is an open source plugin for the WordPress platform for WooCommerce e-commerce platform , support and BigBuy and other Dropshipping supplier docking , to achieve automatic synchronization of goods It supports interfacing with BigBuy a...

5.3CVSS6.6AI score0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/07 12:0 a.m.3 views

CVE-2025-57697

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...

6.3AI score0.00308EPSS
Exploits1References1
Veracode
Veracode
added 2025/11/05 12:27 p.m.7 views

HTML Injection

mailgen is vulnerable to HTML injection. The vulnerability is due to improper sanitization of user-supplied content and Mailgen.generatePlaintextemail retaining HTML tags from input. An attacker can supply crafted content to inject HTML into generated plaintext emails...

6.9CVSS6.9AI score0.00409EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2025/10/24 12:0 a.m.3 views

WordPress Captivate Sync plugin deserialization vulnerability

WordPress Captivate Sync plugin is a WordPress plugin developed by Captivate, which belongs to RebelBaseMedia's products and is mainly used to simplify the Podcast management process. WordPress Captivate Sync plugin suffers from a deserialization vulnerability that stems from unsafe deserializati...

9.8CVSS7.5AI score0.00529EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/11 12:0 a.m.4 views

WordPress plugin WP Links Page SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...

6.5CVSS7.7AI score0.00359EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/09 7:42 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF when processing user-supplied URLs. An attacker can cause the server to send unauthorized requests to arbitrary internal or external services by submitting crafted URLs. Workaround This vulnerability can...

8.8CVSS7AI score0.00225EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.12 views

PT-2025-41352

Name of the Vulnerable Software and Affected Versions Versions prior to 2025-47351 Description A memory corruption issue exists when processing user-supplied buffers. This can potentially lead to unexpected behavior or compromise of the system. Recommendations At the moment, there is no informati...

7.8CVSS5.2AI score0.00081EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-3890

Malware in sbrugna...

4.3CVSS6.4AI score0.01223EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2019-0676

Malware in sbrugna...

9.8CVSS9.3AI score0.034EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-6567

Malware in sbrugna...

9.8CVSS6.4AI score0.03086EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-26961

Malware in sbrugna...

8.5CVSS8.1AI score0.0166EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-7217

Malware in sbrugna...

7.5CVSS7.6AI score0.01476EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2003-1382

Malware in sbrugna...

6.6CVSS6.4AI score0.01501EPSS
Exploits0References4
Rows per page
Query Builder