78 matches found
CVE-2021-47946
OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accou...
WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'check_mollie_account_details' vulnerability
Missing Authorization in 'checkmollieaccountdetails' vulnerability discovered by WordFence in WordPress Plugin Paytium versions = 4.3.7...
PT-2026-5282
Name of the Vulnerable Software and Affected Versions Liman version 0.7 Description The software contains a cross-site request forgery issue that allows attackers to manipulate user account settings without proper request validation. Attackers can create malicious HTML forms to change user...
CVE-2021-47800 b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery (CSRF)
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpag...
One million customers on alert as extortion group claims massive Brightspeed data haul
US fiber broadband company Brightspeed is investigating claims by the Crimson Collective extortion group that it stole sensitive data belonging to more than 1 million residential customers, including extensive personally identifiable information PII, as well as account and billing details...
CVE-2019-16133
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/...
SUSE CVE-2016-11080
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details...
GO-2025-4063 Mattermost Server exposes account details to any Team Administrator in github.com/mattermost/mattermost-server
Mattermost Server exposes account details to any Team Administrator in github.com/mattermost/mattermost-server...
EUVD-2007-5090
Malware in sbrugna...
EUVD-2016-2069
Malware in sbrugna...
EUVD-2017-18296
Malware in sbrugna...
EUVD-2020-30208
Malware in sbrugna...
EUVD-2007-5803
Malware in sbrugna...
EUVD-2017-18295
Malware in sbrugna...
EUVD-2019-15108
Malware in sbrugna...
EUVD-2022-51667
Malicious code in bioql PyPI...
CVE-2025-56710
A Cross-Site Request Forgery CSRF vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a malicious HTML page, ...
CVE-2025-56710
A Cross-Site Request Forgery CSRF vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a malicious HTML page, ...
PT-2025-37487
Name of the Vulnerable Software and Affected Versions: PHPGurukul Student-Result-Management-System-Using-PHP-V2.0 version 2.0 Description: A Cross-Site Request Forgery CSRF flaw exists in the Profile Page of the software. This allows an attacker to trick authenticated users into unintentionally...
CVE-2022-30834
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/clientmanageaccountdetails.php?bookingid=31id=...