91 matches found
CVE-2026-36960
A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...
EUVD-2026-26377
A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...
CVE-2026-36960
A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...
CVE-2025-62797
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...
EUVD-2018-2244
Malware in sbrugna...
EUVD-2017-18725
Malware in sbrugna...
EUVD-2018-18955
Malware in sbrugna...
EUVD-2017-5604
Malware in sbrugna...
EUVD-2017-4646
Malware in sbrugna...
EUVD-2018-7991
Malware in sbrugna...
EUVD-2021-8271
Malicious code in bioql PyPI...
EUVD-2022-43897
Malicious code in bioql PyPI...
EUVD-2021-32602
Malicious code in bioql PyPI...
PT-2025-27600 · Unknown · Active! Mail 6
Name of the Vulnerable Software and Affected Versions: Active! mail 6 versions 6.60.06008562 and earlier Description: A cross-site request forgery issue exists, potentially allowing unintended emails to be sent when a user, who is logged in, accesses a specially crafted URL. Recommendations: For...
CVE-2021-20862
Improper access control vulnerability in ELECOM routers WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior,...
UBUNTU-CVE-2023-7045
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server KAS...
CVE-2023-7045 Cross-Site Request Forgery (CSRF) in GitLab
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server KAS...
PT-2024-4184 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.11 through 16.10.5 GitLab CE/EE versions 16.11 through 16.11.2 GitLab CE/EE versions 17.0 through 17.0.0 Description: A CSRF vulnerability exists within GitLab CE/EE. By leveraging this vulnerability, an attacker coul...
Cross Site Request Forgery
Concrete CMS is vulnerable to Cross Site Request Forgery. The vulnerability is due improper implementation of anti csrf tokens within the following endpoint /ccm/system/dialogs/logs/deleteall/submit. This issue can be exploited by an attacker by sending malicious url to the authenticated admin to...
Cross site request forgery (csrf)
The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...