13794 matches found
Server-side Request Forgery (SSRF)
Overview io.spinnaker.orca:orca-clouddriver is a Spinnaker Orca Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper restrictions on user-supplied URLs when fetching data. An attacker can access internal resources, extract sensitive authentication data...
PT-2026-25989
Impact Some specific 1 out of 256 User Supplied Secrets USS were not used, making the resulting Compound Device Identifier CDI the same as if no USS was provided. Affected client applications: all client apps using the tkeyclient Go module. Patches Upgrade to v1.3.0. NOTE WELL: For the affected e...
VvvebJs 安全漏洞
VvvebJs is a drag-and-drop website generator from Givan Personal Developers. A security vulnerability exists in VvvebJs version 1.7.2, which stems from the filegetcontents function in the save.php file mishandling user-supplied URLs, which could lead to server-side request forgery and arbitrary...
PT-2025-52564
Name of the Vulnerable Software and Affected Versions Versa SASE Client for Windows versions 7.8.7 through 7.9.4 Description The software contains a local privilege escalation issue in the audit log export functionality. The client sends user-controlled file paths to a privileged service, which...
Foxit PDF Editor 安全漏洞
Foxit PDF Editor is a PDF editor from the Chinese company Foxit Foxit. A security vulnerability exists in Foxit PDF Editor, which stems from a user-supplied SVG file in the Portfolio feature that is not properly cleaned or validated, which could lead to a stored cross-site scripting attack...
GHSA-GXVV-45F6-3CH8 openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential Denial of Service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...
WordPress iframe plugin cross-site scripting vulnerability
The WordPress iframe plugin is a tool for embedding iFrame content in WordPress websites, allowing users to embed external web pages, videos, forms, etc. into their pages. WordPress iframe plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
WordPress BigBuy Dropshipping Connector for WooCommerce plugin IP address forgery vulnerability
WordPress BigBuy Dropshipping Connector for WooCommerce plugin is an open source plugin for the WordPress platform for WooCommerce e-commerce platform , support and BigBuy and other Dropshipping supplier docking , to achieve automatic synchronization of goods It supports interfacing with BigBuy a...
CVE-2025-57697
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...
HTML Injection
mailgen is vulnerable to HTML injection. The vulnerability is due to improper sanitization of user-supplied content and Mailgen.generatePlaintextemail retaining HTML tags from input. An attacker can supply crafted content to inject HTML into generated plaintext emails...
WordPress Captivate Sync plugin deserialization vulnerability
WordPress Captivate Sync plugin is a WordPress plugin developed by Captivate, which belongs to RebelBaseMedia's products and is mainly used to simplify the Podcast management process. WordPress Captivate Sync plugin suffers from a deserialization vulnerability that stems from unsafe deserializati...
WordPress plugin WP Links Page SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF when processing user-supplied URLs. An attacker can cause the server to send unauthorized requests to arbitrary internal or external services by submitting crafted URLs. Workaround This vulnerability can...
PT-2025-41352
Name of the Vulnerable Software and Affected Versions Versions prior to 2025-47351 Description A memory corruption issue exists when processing user-supplied buffers. This can potentially lead to unexpected behavior or compromise of the system. Recommendations At the moment, there is no informati...
EUVD-2009-3890
Malware in sbrugna...
EUVD-2019-0676
Malware in sbrugna...
EUVD-2012-6567
Malware in sbrugna...
EUVD-2020-26961
Malware in sbrugna...
EUVD-2016-7217
Malware in sbrugna...
EUVD-2003-1382
Malware in sbrugna...