CVE-2025-41273
CVE-2025-41273 affects Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040). Nozomi Networks Labs describe CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI, enabling remote unauthenticated attackers to bypass authentication and perform actions as an...
EUVD-2026-30134
A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation file allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
CVE-2025-34407
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre...
CVE-2025-34399
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScript...
CVE-2025-34402
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...
PT-2025-50145
Name of the Vulnerable Software and Affected Versions: MailEnable versions prior to 10.54. Description: MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) issue in the theme parameter of the '/Mondo/lang/sys/Forms/Statistics.aspx' endpoint. The theme value is not...
PT-2025-50137
Name of the Vulnerable Software and Affected Versions: MailEnable versions prior to 10.54. Description: MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) issue in the AddressesBcc parameter of the '/Mondo/lang/sys/Forms/AddressBook.aspx' endpoint. The AddressesBcc val...
PT-2025-50136
Name of the Vulnerable Software and Affected Versions: MailEnable versions prior to 10.54. Description: MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Message parameter of the '/Mobile/Compose.aspx' API endpoint. The Message value is not proper...
CVE-2025-62346
A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user's web browser to execute an unwanted, malicious action on a trusted site where the user is authenticated, specifically on one endpoint...
PT-2025-44246
Name of the Vulnerable Software and Affected Versions: blubrry PowerPress Podcasting versions through 11.13.12. Description: A Cross-Site Request Forgery (CSRF) issue exists in blubrry PowerPress Podcasting. This allows attackers to potentially perform actions on behalf of authenticated users without...
CVE-2024-54792
A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application in which they are logged in, such as adding, editing or deleting users...
Comtrend router WLD71-T1 cross-site request forgery vulnerability
Comtrend router WLD71-T1 is a router from Comtrend Telecom (Comtrend) of China. A cross-site request forgery vulnerability exists in Comtrend router WLD71-T1 version v2.0.201820; the flaw allows an attacker to force an end user to perfo...
CVE-2023-6671
A vulnerability has been discovered in OJS that consists of a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated...
CVE-2023-25924 IBM Security Key Lifecycle Manager improper authorization
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630...
CVE-2023-20856
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user...
CVE-2021-1257 Cisco DNA Center Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The...