Lucene search

12 matches found

Vulnrichment
added 2026/02/25 3:41 a.m., 4 views

CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static (never expires/rotates), and if an attacker obtains...

9.8 CVSS | 5.7 AI score | 0.00293 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-8277

Malware in sbrugna...

4.9 CVSS | 5.2 AI score | 0.00792 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-0752

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.02798 EPSS
Exploits 1 | References 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-7251

Malware in sbrugna...

8.4 CVSS | 5.6 AI score | 0.00771 EPSS
Exploits 1 | References 4
RedhatCVE
added 2025/05/22 6:15 a.m., 7 views

CVE-2017-12946

classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators...

7.2 CVSS | 8 AI score | 0.00481 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/04/18 2:11 a.m., 20 views

CVE-2025-26153

A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message...

5.4 CVSS | 6 AI score | 0.00328 EPSS
Exploits 0 | References 1
NVD
added 2025/02/21 4:15 a.m., 8 views

CVE-2024-13883

The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'save_custom_css_request' function. This makes it possible for unauthenticated attackers to inject custom...

4.3 CVSS | 0.00059 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2022/06/16 12:0 a.m., 1 views

CVE-2022-31229

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources...

9.6 CVSS | 5.8 AI score | 0.00286 EPSS
Exploits 0 | References 2
Veracode
added 2021/06/18 6:52 a.m., 5 views

Cross-Site Request Forgery (CSRF)

civicrm/civicrm-core is vulnerable to cross-site request forgery. Lack of sufficient validation on the configuration form allows a malicious third-party to trick a CiviCRM administrator into changing the configuration...

4.3 CVSS | 6.5 AI score | 0.00409 EPSS
Exploits 1 | References 3 | Affected Software 1
CNVD
added 2021/04/13 12:0 a.m., 7 views

Patreon WordPress Cross-Site Request Forgery Vulnerability

Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A cross-site request forgery vulnerability exists in Patreon WordPress versions prior to 1.7.0. An attacker can exploit this vulnerability by tricking an administrator into visiting...

6.5 CVSS | 6.3 AI score | 0.00089 EPSS
Exploits 1 | References 1
Positive Technologies
added 2020/01/29 12:0 a.m., 2 views

PT-2020-11250 · Wowza · Wowza Streaming Engine

Name of the Vulnerable Software and Affected Versions:
Wowza Streaming Engine versions 4.8.0 and earlier
Wowza Streaming Engine versions 4.7.7 through 4.7.8
Description: The issue allows an administrator to be tricked into making unwanted changes, such as adding another admin user, by following a...

6.5 CVSS | 6.4 AI score | 0.00574 EPSS
Exploits 1 | References 6
OSV
added 2016/12/10 12:59 a.m., 4 views

CVE-2016-7156

The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast...

4.4 CVSS | 7.1 AI score
Exploits 0 | References 8