1834 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-41775

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 8 · EPSS 0.00197
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-24881

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 5.1 · EPSS 0.00149
Exploits 2 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-33991

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00028
Exploits 1 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-2190

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 5.1 · EPSS 0.00122
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-13887

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.4 · EPSS 0.00231
Exploits 0 · References 2

RedhatCVE
added 2025/09/14 3:25 a.m. · 5 views

CVE-2025-9881

The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1 · AI score 5.3 · EPSS 0.00023
Exploits 0 · References 1

Tenable Nessus
added 2025/09/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-30147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php. CVE-2021-30147 Note that Nessus relies on the...

CVSS 8.8 · AI score 7.3 · EPSS 0.00404
Exploits 4 · References 2

RedhatCVE
added 2025/09/07 2:32 p.m. · 3 views

CVE-2025-58809

Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce salesforce-wordpress-to-lead allows Reflected XSS. This issue affects To Lead For Salesforce: from n/a through = 2.7.3.9...

CVSS 7.1 · AI score 5.9 · EPSS 0.00025
Exploits 0 · References 1

SUSE CVE
added 2025/08/30 11:21 p.m. · 1 views

SUSE CVE-2025-47909

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

CVSS 7.3 · AI score 6.9 · EPSS 0.00016
Exploits 0 · References 3

NVD
added 2025/08/29 4:15 p.m. · 1 views

CVE-2025-47909

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

CVSS 7.3 · EPSS 0.00016
Exploits 0 · References 2

OSV
added 2025/08/29 4:15 p.m. · 1 views

UBUNTU-CVE-2025-47909

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

CVSS 7.3 · AI score 5.8 · EPSS 0.00016
Exploits 0 · References 5

CVE
added 2025/08/29 3:55 p.m. · 27 views

CVE-2025-47909

The CVE-2025-47909 entry describes a CSRF vulnerability in gorilla/csrf related to how TrustedOrigins can permit both HTTP and HTTPS origins. Affected component: gorilla/csrf (Go web middleware). Root cause: Origin/Trust logic allows a host listed in TrustedOrigins to bypass same-origin checks, e...

CVSS 7.3 · AI score 6.3 · EPSS 0.00016
Exploits 0 · References 2

RedhatCVE
added 2025/08/07 12:31 a.m. · 12 views

CVE-2025-51541

A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...

CVSS 6.1 · AI score 5.8 · EPSS 0.00331
Exploits 1 · References 1

NVD
added 2025/08/05 8:15 p.m. · 4 views

CVE-2025-51541

A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...

CVSS 6.1 · EPSS 0.00331
Exploits 1 · References 2

CVE
added 2025/08/05 12:0 a.m. · 22 views

CVE-2025-51541

Shopware 6 stores user input in /recovery/install/database-configuration/ via the c_database_schema field without proper sanitization, enabling stored XSS. The issue can be triggered through a CSRF-enabled POST; lack of CSRF protections allows an unauthenticated attacker to craft a page that stor...

CVSS 6.1 · AI score 6.4 · EPSS 0.00331
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2025/08/05 12:0 a.m. · 5 views

CVE-2025-51541

A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...

AI score 6 · EPSS 0.00331
Exploits 1 · References 2

CNNVD
added 2025/07/19 12:0 a.m. · 1 views

WordPress plugin Avishi WP PayPal Payment Button cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 6.1 · AI score 6.4 · EPSS 0.00041
Exploits 0 · References 4

BDU FSTEC
added 2025/07/09 12:0 a.m. · 2 views

The vulnerability of the web interface of IP camera software and digital/netscreen video recorders from Avtech allows an intruder to perform a CSRF attack.

The vulnerability of the web interface of IP camera software and digital/netscreen recorders from Avtech relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...

CVSS 5 · AI score 5.5 · EPSS 0.00217
Exploits 0 · References 5

Positive Technologies
added 2025/07/04 12:0 a.m. · 4 views

PT-2025-27868 · Unknown · Contact Form 7

Name of the Vulnerable Software and Affected Versions: Contact Form 7 reCAPTCHA versions 1.2.0 and earlier. Description: The issue is related to a Cross Site Request Forgery (CSRF) problem. It affects the reCAPTCHA component of Contact Form 7, allowing unauthorized requests to be made on behalf of a...

CVSS 4.3 · AI score 6.2 · EPSS 0.00084
Exploits 0 · References 5

RedhatCVE
added 2025/06/23 8:38 a.m. · 5 views

CVE-2024-4994

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...

CVSS 8.1 · AI score 7.2 · EPSS 0.00093
Exploits 1 · References 1