CVE-2025-47244
Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service when an attacker executes a loop calling RestartWeb or obtaining potentially sensitive information. Exploitation can occur if...
CVE-2025-47244
CVE-2025-47244 affects Inedo ProGet (versions 2024.22 and earlier). The vulnerability stems from the C# reflection layer, which can be abused by remote attackers to reach restricted functionality, potentially causing a denial of service (e.g., looping RestartWeb) or exposing sensitive information...
The vulnerability of the PSL validation mechanism in the Apache HttpClient client module of Apache HttpComponents allows an attacker to perform a CSRF attack.
The vulnerability of the PSL validation mechanism in the Apache HttpClient client module of Apache HttpComponents is related to errors in the certificate authentication process. Exploiting this vulnerability can allow a malicious actor to execute a CSRF attack remotely...
CVE-2025-3635
A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks...
Unspecified Vulnerability in Siemens SENTRON 7KT PAC1260 Data Manager
Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. A security vulnerability exists in the Siemens SENTRON 7KT PAC1260 Data Manager that stems from a web interface of the affected device that allows the login password to be changed...
Unspecified Vulnerability in Siemens SENTRON 7KT PAC1260 Data Manager (CNVD-2025-07815)
Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. A security vulnerability exists in the Siemens SENTRON 7KT PAC1260 Data Manager that stems from a web interface of the affected device that allows the login password to be changed...
GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS)
Exploit Title: GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS) Exploit Author: m4xth0r (Maximiliano Belino) Author website: https://maxibelino.github.io/ Author email: max.cybersecurity at belino.com GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50859...
CVE-2024-6857
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack...
flatCore 1.5 - Cross Site Request Forgery (CSRF)
Exploit Title: flatCore 1.5 - Cross Site Request Forgery (CSRF) Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/flatCore/flatCore-CMS Software Link: https://github.com/flatCore/flatCore-CMS Version: d3a5168 Tested on: Ubuntu Windows CVE : CVE-2019-13961 PoC: CSRF PoC...
CVE-2025-32580 WordPress DeBounce Email Validator plugin <= 5.7.1 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in debounce DeBounce Email Validator allows Stored XSS. This issue affects DeBounce Email Validator: from n/a through 5.7.1...
CVE-2024-6860
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack...
CVE-2024-6860 WP MultiTasking <= 0.1.12 - Permalink Suffix Update via CSRF
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack...
CVE-2024-41796
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices allows to change the login password without knowing the current password. In combination with a prepared CSRF attack CVE-2024-41795 an unauthenticated attacker could be able...
CVE-2024-41796
SENTRON 7KT PAC1260 Data Manager (All versions) exposes a web-interface vulnerability that allows changing the login password without the current one. When combined with a CSRF attack (CVE-2024-41795), an unauthenticated attacker could set the password to a value under attacker control. No remed...
PT-2025-15394 · Unknown · Sentron 7Kt Pac1260 Data Manager
Name of the Vulnerable Software and Affected Versions: SENTRON 7KT PAC1260 Data Manager all versions Description: A security issue has been identified where the web interface of affected devices allows changing the login password without knowing the current password. In combination with a prepared...
CVE-2025-1762
CVE-2025-1762 concerns the WordPress plugin Event Tickets with Ticket Scanner prior to version 2.5.4. The root cause is missing CSRF protection when updating settings, enabling a logged-in attacker to cause settings changes via CSRF. Public sources (NVD, Red Hat, CVE lists) confirm the vulnerabil...
CVE-2025-1762 Event Tickets with Ticket Scanner < 2.5.4 - Arbitrary Tickets Deletion via CSRF
The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...