Lucene search
+L

255 matches found

cvelist
cvelist
added 2025/07/27 9:32 a.m.13 views

CVE-2025-8228 yanyutao0402 ChanCMS getPages server-side request forgery

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be launched remotely. Th...

6.5CVSS0.00584EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2025/07/25 5:32 a.m.8 views

CVE-2025-8133 yanyutao0402 ChanCMS gather.js getArticle server-side request forgery

A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to initiate the attack...

6.5CVSS7.3AI score0.00347EPSS
Exploits1References6
cvelist
cvelist
added 2025/07/22 12:31 p.m.11 views

CVE-2025-34142 ETQ Reliance CG < SE.2025.1 / < 2025.1.2 XXE Injection in SSO SAML Handler

An XML External Entity XXE injection vulnerability exists in ETQ Reliance on the CG legacy platform within the /resources/sessions/sso endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, allowing crafted SAML responses to invoke external...

6.9CVSS0.00901EPSS
Exploits0References4
cve
cve
added 2025/07/17 9:32 p.m.29 views

CVE-2025-7759

Summary: CVE-2025-7759 affects thinkgem JeeSite up to 5.12.0, specifically the UEditor Image Grabber component’s ActionEnter.java. Root cause: Manipulation of the Source argument enables server-side request forgery (SSRF). Impact: Remote exploitation with potential impact on server resources; exp...

8.8CVSS6.3AI score0.00309EPSS
Exploits1References6Affected Software1
cve
cve
added 2025/07/16 11:15 a.m.31 views

CVE-2024-9408

Eclipse GlassFish 6.2.5 and later is affected by an SSRF vulnerability in specific endpoints due to insufficient validation of user-supplied URLs. The issue allows the server to initiate arbitrary network requests to internal or external resources. Public sources (including NVD, Red Hat, Veracode...

9.8CVSS6.6AI score0.0029EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2025/07/11 12:0 a.m.3 views

PT-2025-29226 · Apache · Apache

Name of the Vulnerable Software and Affected Versions: Apache affected versions not specified Description: A Server-Side Request Forgery SSRF vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and...

7.2CVSS7.2AI score0.00463EPSS
Exploits2References6
cve
cve
added 2025/07/08 8:49 p.m.26 views

CVE-2025-49545

Adobe ColdFusion is affected by CVE-2025-49545 (SSRF leading to arbitrary file system read) in versions 2025.2, 2023.14, 2021.20 and earlier. A high-privilege authenticated attacker can force the application to make arbitrary requests by URL injection; exploitation requires no user interaction an...

6.2CVSS6.7AI score0.00362EPSS
Exploits0References1Affected Software1
cve
cve
added 2025/07/08 3:2 p.m.22 views

CVE-2025-53545

The CVE-2025-53545 entry concerns Press, a Frappe custom app used with Frappe Cloud. The underlying issue is a lack of server-side validation that allows bypassing two-factor authentication (2FA) for users. The vulnerability description confirms that this is a 2FA bypass resulting from insufficie...

6.9CVSS7AI score0.00299EPSS
Exploits0References2
patchstack
patchstack
added 2025/07/03 11:22 p.m.9 views

WordPress PayMaster for WooCommerce plugin <= 0.4.31 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by Poli in WordPress Plugin PayMaster for WooCommerce versions = 0.4.31...

6.4CVSS6.8AI score0.00192EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2025/07/03 12:23 a.m.9 views

CVE-2025-45872

zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery SSRF via the downloadUrl parameter...

9.8CVSS7.7AI score0.00408EPSS
Exploits1References1
nvd
nvd
added 2025/07/01 2:15 p.m.26 views

CVE-2025-45872

zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery SSRF via the downloadUrl parameter...

9.8CVSS0.00408EPSS
Exploits1References1
cve
cve
added 2025/07/01 12:0 a.m.22 views

CVE-2025-45872

CVE-2025-45872 affects zrlog v3.1.5 and is described as a Server-Side Request Forgery (SSRF) in the downloadUrl parameter. The base metrics indicate a CRITICAL impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; 9.8) with high confidentiality, integrity, and availability implications. The conn...

9.8CVSS7.6AI score0.00408EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2025/07/01 12:0 a.m.24 views

CVE-2025-45872

zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery SSRF via the downloadUrl parameter...

0.00408EPSS
Exploits1References1
cvelist
cvelist
added 2025/06/30 12:0 a.m.13 views

CVE-2025-52491

Akamai CloudTest before 60 2025.06.09 12989 allows SSRF...

5.8CVSS0.00299EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/06/26 7:23 p.m.6 views

CVE-2025-49852

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers...

8.7CVSS6.3AI score0.00357EPSS
Exploits0References1
nvd
nvd
added 2025/06/20 7:15 p.m.8 views

CVE-2025-34021

A server-side request forgery SSRF vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON...

7.8CVSS0.00526EPSS
Exploits1References6
redhatcve
redhatcve
added 2025/06/06 8:12 p.m.16 views

CVE-2025-31134

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server...

7.5CVSS7.1AI score0.00395EPSS
Exploits1References1
cve
cve
added 2025/05/30 6:36 p.m.194 views

CVE-2025-48943

The CVE-2025-48943 issue affects vLLM (inference/serving engine). Versions 0.8.0 up to but excluding 0.9.0 are vulnerable to a Denial of Service caused by processing an invalid regex when using structured output; the issue is fixed in 0.9.0. Related Chainguard advisories list affected builds such...

6.5CVSS7AI score0.004EPSS
Exploits0References4Affected Software1
osv
osv
added 2025/05/30 6:33 p.m.4 views

CVE-2025-48942 vLLM DOS: Remotely kill vllm over http with invalid JSON schema

vLLM is an inference and serving engine for large language models LLMs. In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with a invalid jsonschema as a Guided Param kills the vllm server. This vulnerability is similar GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, but for regex...

6.5CVSS6.5AI score0.00453EPSS
Exploits1References6
osv
osv
added 2025/05/29 9:2 a.m.6 views

CVE-2024-52588 Strapi allows Server-Side Request Forgery in Webhook function

Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery SSRF. This issue has been patched in version 4.25.2...

4.9CVSS6.3AI score0.00483EPSS
Exploits1References3
Rows per page
Query Builder