Server-Side Request Forgery
Server-Side Request Forgery exploits applications that fetch remote resources based on user-supplied URLs.
How It Works
Server-Side Request Forgery exploits applications that fetch remote resources based on user-supplied URLs. When a web server accepts a URL parameter to retrieve external content—for example, to proxy images, validate webhooks, or import data—an attacker can manipulate that parameter to make the server send requests to unintended destinations. The critical issue is that these requests originate from the server itself, bypassing firewalls and network controls that would block direct external access.
Attacks come in several forms. Direct SSRF gives the attacker full control over the destination URL, allowing them to target internal services like http://localhost:8080/admin or cloud metadata endpoints at http://169.254.169.254/latest/meta-data/. Blind SSRF occurs when the application makes the request but doesn't return the response to the attacker—they must rely on timing differences or out-of-band techniques to confirm success. Partial SSRF restricts the attacker to modifying only part of the URL, such as the hostname or path, requiring more creative exploitation.
The typical attack flow starts with identifying URL parameters that trigger server-side requests. The attacker then probes for internal services by injecting internal IP addresses or localhost references. Common targets include administrative interfaces, internal REST APIs, Redis or Memcached instances, and especially cloud metadata services that expose IAM credentials. Attackers often employ bypass techniques like encoding IPs in decimal format (2130706433 for 127.0.0.1), exploiting URL parser discrepancies between validation and execution layers, or chaining with open redirects to evade basic filters.
Impact
- Access to internal services that should be network-isolated—admin panels, monitoring dashboards, configuration endpoints
- Cloud credential theft via metadata APIs, particularly AWS IAM role credentials exposed at 169.254.169.254
- Reading local files through file:// protocol support, exposing configuration files and source code
- Network reconnaissance to map internal infrastructure and identify additional attack targets
- Remote code execution on back-end systems like Redis or Elasticsearch that accept commands over HTTP
- Pivoting deeper into internal networks by using the compromised server as a proxy for further attacks
Real-World Examples
Capital One suffered a massive breach in 2019 when an attacker exploited SSRF in a web application firewall to query AWS metadata services, stealing credentials that granted access to over 100 million customer records. The vulnerability allowed requests to the internal metadata endpoint that should have been unreachable.
Shopify's infrastructure exposed internal Google Cloud metadata in 2020 through an image proxy feature. Security researchers demonstrated they could retrieve service account credentials by tricking the proxy into fetching from the metadata API, potentially compromising the entire GCP environment.
Numerous CVEs in enterprise products highlight SSRF in common features: webhook validators in GitLab, PDF generators that fetch remote images, and document conversion services. These typically manifest when URL validation assumes all requests will target external internet resources, failing to anticipate internal network abuse.
Mitigation
- Allowlist approved destination domains rather than trying to blocklist dangerous ones—only permit necessary external services
- Disable unnecessary URL schemes entirely (file://, gopher://, dict://)—restrict to https:// only where possible
- Network segmentation to prevent application servers from reaching internal infrastructure—use separate VLANs or VPCs
- Deploy cloud metadata protections like AWS IMDSv2 requiring session tokens, making metadata unavailable to simple HTTP requests
- Validate and parse URLs consistently using a single library, then verify resolved IP addresses aren't private ranges
- Remove response bodies from errors to prevent information disclosure in blind SSRF scenarios
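The bypasses described under How It Works and the validation steps in the Mitigation list fit together in one small module. The code below is an added example and is not taken from this page or from any of the products listed on it; the allowlisted hostnames, the sample addresses and the `fetcher` interface are all constructed for the illustration. It contrasts a substring denylist (which never notices that `2130706433` is `127.0.0.1` in decimal) with the recommended approach: parse once with a single library, allow only `https://`, allowlist the destination host, resolve it, and reject any answer that is loopback, private, link-local (which covers `169.254.169.254`) or otherwise non-public. Because several of the listed CVEs stem from clients that follow redirects after a single check, the last function follows redirects by hand so that every hop is re-validated.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist for the example: the only external services this
# hypothetical application legitimately needs to reach.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"images.example.com", "hooks.example.com"}


def naive_check(url):
    """A substring denylist of the kind SSRF bypasses defeat: it never sees
    that 2130706433 denotes 127.0.0.1."""
    lowered = url.lower()
    return not any(bad in lowered for bad in ("localhost", "127.0.0.1", "169.254.169.254"))


def resolve_host(host):
    """Return the set of IP addresses a host denotes.  Numeric forms are
    canonicalised locally; names go to the system resolver."""
    if host.isdigit() and int(host) < 2**32:       # decimal IPv4 (2130706433 -> 127.0.0.1)
        return {ipaddress.ip_address(int(host))}
    try:
        return {ipaddress.ip_address(host)}       # dotted quad or IPv6 literal
    except ValueError:
        pass
    return {ipaddress.ip_address(info[4][0]) for info in socket.getaddrinfo(host, None)}


def static_resolver(table):
    """Build an offline resolver from {hostname: [ip, ...]} so the checks can
    be exercised without DNS (used in the test below)."""
    def resolve(host):
        return {ipaddress.ip_address(ip) for ip in table.get(host, [])}
    return resolve


def is_public_address(ip):
    """Reject loopback, RFC 1918, link-local (169.254.0.0/16 contains the cloud
    metadata endpoint), multicast, reserved and unspecified addresses."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                       # ::ffff:127.0.0.1 is still loopback
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_outbound_url(url, resolver=resolve_host):
    """One parse, scheme and host allowlist, then a check of every address the
    host resolves to.  Returns (ok, reason)."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not allowlisted"
    addresses = resolver(host)
    if not addresses:
        return False, "host does not resolve"
    for ip in addresses:
        if not is_public_address(ip):
            return False, f"host resolves to non-public address {ip}"
    return True, "ok"


def fetch_with_revalidation(url, fetcher, resolver=resolve_host, max_redirects=3):
    """Follow redirects manually so every hop passes validate_outbound_url,
    instead of letting the HTTP client follow them after one check on the
    first URL.  `fetcher(url)` is a hypothetical transport returning
    (status, location_header, body)."""
    for _ in range(max_redirects + 1):
        ok, reason = validate_outbound_url(url, resolver)
        if not ok:
            return None, f"blocked {url}: {reason}"
        status, location, body = fetcher(url)
        if status in (301, 302, 303, 307, 308) and location:
            url = location
            continue
        return body, "ok"
    return None, "too many redirects"
```

One caveat for production use: checking the resolved address and then handing the hostname to an HTTP client leaves a window in which a second lookup can return a different answer (DNS rebinding). The resolved address should be pinned, for example by connecting to the validated IP and sending the original `Host` header, or by using a client hook that performs the check at connect time.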
Recent CVEs (912)
Server-Side Request Forgery (SSRF) vulnerability in Squidex CMS webhook configuration allows authenticated administrators to make requests to internal services by specifying localhost or internal IP addresses as webhook destinations. PoC available.
The AI Engine plugin for WordPress versions up to 3.3.2 contains a server-side request forgery vulnerability in the 'get_audio' function that allows authenticated subscribers and higher-privileged users to make arbitrary web requests from the server. When the Public API setting is enabled and allow_url_fopen is active, attackers can query and modify data on internal services accessible to the web application. No patch is currently available for this vulnerability.
XXE (XML External Entity) injection in AssertJ Java testing library from 1.4.0 to before 3.27.7 allows reading arbitrary files when parsing XML assertions. Patch available.
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information. [CVSS 5.3 MEDIUM]
Unauthenticated attackers can exploit a Server-Side Request Forgery vulnerability in the WordPress Frontis Blocks plugin (versions up to 1.1.6) through unvalidated URL parameters in the template proxy endpoints to perform arbitrary web requests from the affected server. This allows an attacker to scan internal networks, access local services, or exfiltrate sensitive data without authentication. No patch is currently available.
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. [CVSS 4.0 MEDIUM]
Prince Radio Player versions 2.0.91 and earlier are vulnerable to Server-Side Request Forgery (SSRF), enabling unauthenticated remote attackers to make arbitrary requests from the affected server. This could allow attackers to access internal resources, scan internal networks, or interact with backend services that should not be directly accessible.
Unauthenticated Server-Side Request Forgery (SSRF) in FOG 1.5.10.1754 and earlier allows remote attackers to read internal files and access local services by manipulating the url parameter in getversion.php when newService=1 is present. The vulnerability requires no authentication or user interaction and affects the confidentiality of sensitive data accessible from the affected system. No patch is currently available.
Rekor versions 1.4.3 and earlier contain a server-side request forgery (SSRF) vulnerability in the /api/v1/index/retrieve endpoint that allows unauthenticated remote attackers to probe internal networks through blind SSRF attacks by supplying arbitrary URLs for public key retrieval. While the vulnerability cannot directly exfiltrate data or modify state since responses are not returned and only GET requests are supported, it enables reconnaissance of internal infrastructure. The issue is patched in version 1.5.0, or can be mitigated by disabling the retrieve API with --enable_retrieve_api=false.
ThemeGoods PhotoMe versions below 5.7.2 contain a server-side request forgery vulnerability that allows unauthenticated attackers to perform arbitrary HTTP requests on behalf of the affected server. The vulnerability requires user interaction to exploit and can lead to information disclosure or unintended modifications on the target system. No patch is currently available.
Craig Hewitt Seriously Simple Podcasting (seriously-simple-podcasting) is affected by Server-Side Request Forgery (SSRF). [CVSS 4.6]
IMGspider WordPress plugin has a Server-Side Request Forgery vulnerability enabling attackers to make the server perform requests to internal network resources.
SmartDataSoft Electrician - Electrical Service WordPress (electrician) is affected by Server-Side Request Forgery (SSRF). [CVSS 5.4]
WP Messiah Frontis Blocks (frontis-blocks) is affected by Server-Side Request Forgery (SSRF). [CVSS 7.2]
Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 (wpo365-login) allows Server-Side Request Forgery. This issue affects WPO365: from n/a through <= 40.0. [CVSS 6.4 MEDIUM]
Marco Milesi ANAC XML Viewer (anac-xml-viewer) is affected by Server-Side Request Forgery (SSRF). [CVSS 4.9]
Pool Services WordPress plugin has a Server-Side Request Forgery vulnerability allowing attackers to make the server perform arbitrary HTTP requests to internal and external targets.
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability were found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK through 11.6.0. [CVSS 7.5 HIGH]
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive U...
Keycloak's OpenID Connect Dynamic Client Registration feature fails to validate jwks_uri values when clients authenticate via private_key_jwt, allowing attackers to redirect the server to arbitrary network endpoints. This enables reconnaissance and information disclosure attacks against internal services and cloud metadata endpoints accessible from the Keycloak server. No patch is currently available for this MEDIUM severity vulnerability.
Chainlit versions before 2.9.4 with SQLAlchemy backend contain a server-side request forgery vulnerability in the project element update endpoint that allows authenticated attackers to make arbitrary HTTP requests from the server. Public exploit code exists for this vulnerability, enabling attackers to reach internal network services, cloud metadata endpoints, and store responses through the configured storage system. The vulnerability affects AI/ML applications using vulnerable Chainlit deployments and currently has no available patch.
Mailpit versions before 1.28.3 contain a server-side request forgery vulnerability in the HTML Check feature that allows unauthenticated attackers to trigger arbitrary HTTP requests by crafting malicious CSS links in email messages. The vulnerability exists in the CSS inlining function which automatically downloads external stylesheets without proper validation. Public exploit code exists for this issue, though a patch is available in version 1.28.3 and later.
WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-va...
Teamwork Management System versions up to 2.28.0 are affected by Server-Side Request Forgery (SSRF). [CVSS 6.3]
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio_url' parameter. [CVSS 2.2 LOW]
Arbitrary file read vulnerability in Kafka Connect BigQuery Connector prior to version 2.11.0 allows authenticated attackers to read sensitive files by injecting malicious credential configurations through improperly validated credential_source parameters. An attacker with connector configuration privileges can exploit this to access arbitrary files on the system or perform server-side request forgery attacks against internal endpoints. No patch is currently available for affected Apache Kafka deployments.
The Librarian's web_fetch tool can be exploited via SSRF to perform unauthorized GET requests against internal IP addresses and cloud services within the Hetzner environment, allowing attackers to conduct port scanning and reconnaissance of the infrastructure. This unauthenticated network-based attack requires no user interaction and could expose sensitive internal services and their configurations. While the vendor has released patches, exploitation remains possible on unpatched instances.
The DK PDF - WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. [CVSS 5.0 MEDIUM]
Lucy XSS Filter with ObjectSecurityListener or EmbedSecurityListener enabled is vulnerable to server-side request forgery (SSRF) via malformed embed or object tags lacking file extensions in src attributes, allowing remote attackers to trigger arbitrary HEAD requests to internal or external URLs. Public exploit code exists for this vulnerability, and no patch is currently available.
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. [CVSS 5.3 MEDIUM]
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources.
The Google Gemini connector in AI/ML products allows authenticated users with connector management privileges to read arbitrary files through unvalidated file path and network request parameters in credential configurations. An attacker with sufficient authentication access can craft malicious JSON payloads to trigger server-side requests and disclose sensitive files from the affected system. This vulnerability requires valid credentials and administrative privileges but presents a high risk of confidential data exposure.
The GetContentFromURL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0. This is due to the plugin using wp_remote_get() instead of wp_safe_remote_get() to fetch content from a user-supplied URL in the 'url' parameter of the [gcfu] shortcode. [CVSS 7.2 HIGH]
Microsoft SharePoint Server contains a server-side request forgery vulnerability that allows authenticated users to access sensitive information across the network. An attacker with valid credentials can exploit this flaw to disclose confidential data without requiring user interaction. No patch is currently available for this issue.
A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, and FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests, limited to plaintext endpoints only, via crafted HTTP requests. [CVSS 3.8 LOW]
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request. [CVSS 6.5 MEDIUM]
Metabase is an open-source data analytics platform. Versions up to 55.13 are affected by Server-Side Request Forgery (SSRF).
Fulcio versions prior to 1.8.5 allow unauthenticated attackers to bypass MetaIssuer URL validation through unanchored regex patterns, enabling blind SSRF attacks against internal services. Although the vulnerability is limited to read-only GET requests with no response exfiltration, attackers can probe internal networks to discover active services and infrastructure. Public exploit code exists for this medium-severity issue, and a patch is available in version 1.8.5.
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize() function in the Elementor widget integration. [CVSS 4.3 MEDIUM]
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. [CVSS 2.7 LOW]
Mastodon's IP address filtering bypass (CWE-918) permits attackers to craft requests using unblocked IP ranges to reach local and loopback services, potentially exposing private resources and internal APIs. An unauthenticated remote attacker can exploit incomplete private address range validation in Mastodon instances to perform Server-Side Request Forgery (SSRF) attacks. Patched versions 4.5.4, 4.4.11, 4.3.17, and 4.2.29 are available.
Miniflux's media proxy endpoint is vulnerable to Server-Side Request Forgery (SSRF) in versions prior to 2.2.16, allowing authenticated users to craft malicious proxy URLs that force the application to fetch and expose responses from internal network resources including localhost and private IP ranges. An attacker with valid credentials can abuse this to access sensitive internal services and metadata endpoints by embedding specially crafted URLs in feed content. Public exploit code exists for this vulnerability, and no patch is currently available for affected installations.
nK Themes Helper WordPress plugin (through 1.7.9) has SSRF enabling unauthenticated server-side requests to internal services and cloud metadata endpoints.
Mailpit versions 1.28.0 and earlier contain a server-side request forgery vulnerability in the /proxy endpoint that permits unauthenticated attackers to probe and access internal network resources and services. The endpoint insufficiently validates destination addresses, allowing requests to internal IP ranges despite scheme validation. Public exploit code exists for this vulnerability, which is resolved in version 1.28.1.
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. [CVSS 5.3 MEDIUM]
LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests to internal networks. By configuring agents with malicious OpenAPI specifications, attackers can scan internal infrastructure and access internal services. PoC available, patch available.
Bio-Formats versions up to 8.3.0 contain an XML External Entity (XXE) injection vulnerability in the Leica Microsystems metadata parser that fails to disable external entity expansion. A local attacker can exploit this by crafting malicious XML metadata files to trigger server-side request forgery, read local files, or cause denial of service. No patch is currently available.
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. [CVSS 6.5 MEDIUM]
Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server-Side Request Forgery. This issue affects External Media: from n/a through 1.0.36. [CVSS 4.9 MEDIUM]
Server-side request forgery in InvoiceNinja up to version 5.12.38 allows remote attackers with high privileges to manipulate the company_logo parameter during migration imports, enabling them to make arbitrary outbound requests from the affected server. Public exploit code is available and the vendor has not provided a patch or response to this disclosure. The vulnerability affects PHP and Golang environments with a CVSS score of 4.7.
The Xagio SEO - AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. [CVSS 6.4 MEDIUM]
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL `save_<VolumeName>_Asset` mutation is vulnerable to Server-Side Request Forgery (SSRF). [CVSS 6.8 MEDIUM]
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. [CVSS 7.9 HIGH]
A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. [CVSS 6.5 MEDIUM]
Server-side request forgery (SSRF) in Emlog up to version 2.5.19 allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files to the media upload endpoint, enabling internal network reconnaissance and potential credential exposure when the server processes the files. Public exploit code exists for this vulnerability and no patches are currently available. The flaw affects all Emlog installations accepting SVG uploads and can be exploited without user interaction once an attacker gains authenticated access.
A flaw has been found in go-sonic sonic versions up to 1.1.4, which are affected by Server-Side Request Forgery (SSRF). [CVSS 4.7]
Cpp-Httplib versions up to 0.30.0 contain a vulnerability that allows attackers to add extra headers, modify the request body unexpectedly, and trigger an SSRF attack. [CVSS 7.5]
The WP Import - Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the `upload_function()` method. [CVSS 6.4 MEDIUM]
Server-Side Request Forgery (SSRF) in the WordPress & WooCommerce Scraper Plugin (wp_scraper) versions up to 1.0.7 allows unauthenticated attackers to make arbitrary HTTP requests from the affected WordPress server. The vulnerability exists in the plugin's core scraping functionality, which fails to properly validate or restrict the target URLs that can be requested. An attacker can exploit this to scan internal networks, access internal services, exfiltrate data from backend systems, or perform reconnaissance against the hosting infrastructure. No public exploit code has been identified at time of analysis, and EPSS risk is minimal at 0.01%, but the vulnerability affects all installations of the vulnerable plugin versions.
Server-Side Request Forgery (SSRF) in Jthemes Genemy WordPress theme versions up to 1.6.6 allows unauthenticated remote attackers to make arbitrary HTTP requests from the affected server, potentially accessing internal resources, cloud metadata endpoints, or services restricted to localhost. No CVSS score is assigned in official databases; EPSS probability is extremely low at 0.01%, and no public exploit code or active exploitation has been identified. The vulnerability was reported by Patchstack's security audit team.
Server-Side Request Forgery (SSRF) in Youzify WordPress plugin through version 1.3.7 allows authenticated high-privilege users to make arbitrary network requests from the server, exposing internal resources and services. The vulnerability requires administrative credentials (PR:H) but carries high confidentiality impact with EPSS score of 0.04% indicating minimal real-world exploitation likelihood despite the moderate CVSS score of 4.9.
Server-Side Request Forgery (SSRF) in WordPress Image Shrinker plugin versions up to 1.1.0 enables unauthenticated remote attackers to forge requests from the affected server to internal or external resources, potentially exposing sensitive data or enabling lateral movement within network infrastructure. The vulnerability has extremely low exploitation probability (EPSS 0.04th percentile) and no public exploit code identified, suggesting limited real-world threat despite the technical severity of SSRF vulnerabilities.
Server-Side Request Forgery in WordPress Link Library plugin versions up to 7.8.7 allows unauthenticated remote attackers to make arbitrary HTTP requests from the server, potentially accessing internal resources, cloud metadata endpoints, or conducting reconnaissance of internal network infrastructure. CVSS score of 9.1 indicates high severity, though EPSS of 0.04% (14th percentile) suggests limited observed exploitation attempts. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis.
Server-Side Request Forgery (SSRF) in 6Storage Rentals WordPress plugin versions ≤2.20.2 allows unauthenticated remote attackers to send crafted requests from the vulnerable server to arbitrary internal or external systems. With CVSS 9.1 (critical) due to network-accessible attack vector requiring no authentication or user interaction, attackers can achieve high confidentiality and integrity impact by potentially accessing internal services, cloud metadata endpoints, or exfiltrating sensitive data. EPSS score of 0.04% (14th percentile) indicates relatively low observed exploitation probability despite the critical severity rating. No confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis.
WP Fastest Cache Premium plugin versions up to 1.7.4 contain a Server-Side Request Forgery (SSRF) vulnerability in the 'get_server_time_ajax_request' AJAX action that allows authenticated Subscriber-level users to send arbitrary web requests originating from the server, potentially enabling reconnaissance and manipulation of internal services. The free version is unaffected. No public exploit code has been identified at time of analysis, with a very low EPSS score of 0.04% indicating minimal real-world exploitation likelihood despite the authenticated attack vector.
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge.
A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument health_url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The patch is named 0ff771dc1933d5a6b78f804115e78a7d8625c3f3. To fix this issue, it is recommended to deploy a patch. The vendor responded with a vulnerability confirmation and a list of security measures they have established already (e.g. disabled URL parsing, disabled URL upload mode, removed URL-to-markdown conversion).
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows NTLM hashes to potentially leak to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. This vulnerability is fixed in 0.6.37.
A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment.
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination.
Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.
PublicCMS V5.202506.b is vulnerable to SSRF in the chat interface of SimpleAiAdminController.
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way.
A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.120.2 addresses this issue. It is suggested to upgrade the affected component.
A vulnerability was found in ZenTao up to 21.7.6-8564. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
LibreChat is a ChatGPT clone with additional features. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the su_shortcode_csv_table function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Monitor Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.1.8, from 2025.0.0 before 2025.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Quick Facts
- Typical Severity: HIGH
- Category: web
- Total CVEs: 912