Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via insufficient validation of user-supplied URLs in the Focus component. An attacker can cause the server to send HTTP requests to internal or external destinations by supplying crafted URLs. This can...
EUVD-2023-1699
Malicious code in bioql PyPI...
CVE-2023-45641
Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions...
PT-2025-15764 · Unknown · Quanganhdo Custom Smilies
Name of the Vulnerable Software and Affected Versions: quanganhdo Custom Smilies versions 1.2 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a we...
PT-2025-14499 · Stmicroelectronics · X-Cube-Azrtos-Wl
Name of the Vulnerable Software and Affected Versions: STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0. Description: A buffer overflow issue exists in the FileX Internal RAM interface functionality, allowing code execution through specially crafted network packets. An attacker can trigger this...
PT-2024-27168 · Mapos · Mapos
Name of the Vulnerable Software and Affected Versions: MAP-OS versions 4.45.0 and earlier. Description: The issue allows malicious users to insert a malicious payload into the Client Name input, resulting in unauthorized script execution on the administrator and employee dashboards when a service...
PT-2024-21847 · WordPress · Bold Page Builder
Name of the Vulnerable Software and Affected Versions: Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8. Description: The issue is related to Stored Cross-Site Scripting via HTML Tags due to insufficient input sanitization and output escaping on user-supplied attributes...
Caret Country Access Limit <= 1.0.2 - Arbitrary Settings Update via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions...
CVE-2023-45641 WordPress Caret Country Access Limit Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions...
CVE-2023-45641
CVE-2023-45641 affects the Caret Country Access Limit WordPress plugin (
WordPress Plugin Caret Country Access Limit Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
PT-2023-29618 · Unknown · Caret Country Access Limit
Name of the Vulnerable Software and Affected Versions: Caret Country Access Limit plugin versions prior to 1.0.3. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to perform unintended actions on a web application...
WordPress Caret Country Access Limit Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Caret Country Access Limit. Type: Plugin. Vulnerable versions: <= 1.0.2. Fixed in: 1.0.3. OWASP Top 10: A5: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2023-45641. Patch priority: Low. CVSS severity: Low (5.4). PSID: eb3f86ef6148. Credits: Prasanna...
PT-2023-27709 · Aurea · Arconte Áurea
Name of the Vulnerable Software and Affected Versions: ARCONTE Aurea version 1.5.0.0. Description: The authentication system could allow an attacker to make incorrect access requests, blocking each legitimate account and causing a denial of service. A resource has been identified that could allow...
CVE-2023-4413
Summary: CVE-2023-4413 concerns the rkhunter Rootkit Hunter vulnerability affecting versions 1.4.4–1.4.6. It targets an unknown function in /var/log/rkhunter.log, allowing manipulation that can reveal sensitive information in log files. Exploitation is described as locally accessible with high co...
PT-2023-19479 · Davinci · Davinci
Name of the Vulnerable Software and Affected Versions: Davinci version 0.3.0-rc. Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the copyDisplay function. Recommendations: For Davinci version 0.3.0-rc, consider disabling the copyDisplay...
Privilege Escalation
ezsystems/ezplatform-kernel is vulnerable to privilege escalation. The vulnerability exists because the company role assigning feature is not properly handled, which allows an attacker to limit the access of assigning roles to any user...