37 matches found
CVE-2026-60104
Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the authenticated caller, allowing a low-privileged organization member to obtain another user's vault key and a victim-scoped access token by creating a Trusted Device Encryptio...
EUVD-2026-42367
Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the authenticated caller, allowing a low-privileged organization member to obtain another user's vault key and a victim-scoped access token by creating a Trusted Device Encryptio...
CVE-2016-20074
WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...
PT-2026-40627
Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...
CVE-2026-40309
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...
CVE-2026-40174 Masa CMS CSRF in user address management allows unauthorized address changes
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
EUVD-2026-28154
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
CVE-2026-40174 Masa CMS CSRF in user address management allows unauthorized address changes
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
EUVD-2026-24700
The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manageadminrequests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-6235
The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manageadminrequests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-6235
Vulnerability overview: The Sendmachine for WordPress plugin (WordPress) is affected by an authorization bypass in the manage_admin_requests path for all versions up to 1.0.20, enabling unauthenticated attackers to overwrite the SMTP configuration and potentially intercept all outbound emails (in...
WordPress plugin Sendmachine for WordPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-29259
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.28 Description: A privilege escalation vulnerability exists in the /pair approve command path due to missing scope validation. A user with pairing privileges, but without admin privileges, can approve pending...
CVE-2025-64063
CVE-2025-64063 affects Primakon Pi Portal 1.0.18. The issue stems from insufficient authorization checks in API endpoints, allowing a standard user to send direct HTTP requests to administrative endpoints and bypass UI restrictions. Potential impact includes: Unauthorized account modification (mo...
CVE-2025-12173
CVE-2025-12173 concerns the WordPress plugin WP Admin Microblog (versions ≤ 3.1.1). Wordfence details indicate a Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the wp-admin-microblog page, enabling unauthenticated attackers to post messages on behalf of an admin...
EUVD-2012-1931
Malware in sbrugna...
EUVD-2019-5816
Malware in sbrugna...
EUVD-2012-1987
Malware in sbrugna...
VulnCheck KEV: CVE-2022-31984
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=...
CVE-2019-13969
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=uiset=admin=index=dogettextcontent=lang=1 request...