Lucene search
K

145 matches found

Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.4 views

PT-2025-20156 · Unknown · Truebooker

Name of the Vulnerable Software and Affected Versions: TrueBooker versions 1.0.7 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions 1.0.7 and earlier, update to a...

4.3CVSS5.5AI score0.0014EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/23 12:0 a.m.4 views

PT-2025-17661 · Drupal · Drupal Search Api Solr

Name of the Vulnerable Software and Affected Versions: Drupal Search API Solr versions 0.0.0 through 4.3.8 Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed. This issue can be exploited to perform actions on behalf of another...

4.3CVSS6.5AI score0.00128EPSS
Exploits0References5
CVE
CVE
added 2025/04/17 3:47 p.m.46 views

CVE-2025-32546

CVE-2025-32546 describes a CSRF-to-Reflected XSS on the WordPress plugin “All push notification for WP.” Affected versions are

7.1CVSS7.2AI score0.00127EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.9 views

PT-2025-17215 · Unknown · Commercify

Name of the Vulnerable Software and Affected Versions: Commercify version 1.0 Description: A CSRF issue allows remote attackers to perform unauthorized actions on behalf of authenticated users due to missing CSRF protection on sensitive endpoints. Recommendations: For Commercify version 1.0,...

6.3CVSS6.4AI score0.00163EPSS
Exploits1References6
NVD
NVD
added 2025/04/09 5:15 p.m.6 views

CVE-2025-32498

Cross-Site Request Forgery CSRF vulnerability in oleglark VKontakte Cross-Post vkontakte-cross-post allows Stored XSS.This issue affects VKontakte Cross-Post: from n/a through = 0.3.2...

7.1CVSS0.00173EPSS
Exploits0References1
CVE
CVE
added 2025/04/09 4:10 p.m.56 views

CVE-2025-31391

CVE-2025-31391 corresponds to a CSRF-triggered Stored XSS in the WordPress plugin “Script Compressor.” Public docs indicate the affected product is Script Compressor (versions up to 1.7.1 as per initial description) and that the underlying issue combines Cross-Site Request Forgery with stored XSS...

7.1CVSS7.2AI score0.00191EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.4 views

PT-2025-15731 · Woocommerce · Pagopar – Woocommerce Gateway

Name of the Vulnerable Software and Affected Versions: Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway versions through 2.7.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability and Stored XSS in Pagopar – WooCommerce Gateway. Recommendations: For versions...

7.1CVSS7.2AI score0.00191EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/04/04 12:0 a.m.8 views

PT-2025-15022 · Unknown · Qr Code Tag For Wc

Name of the Vulnerable Software and Affected Versions: QR Code Tag for WC versions 1.9.36 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the QR Code Tag for WC, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions 1.9.36 and...

4.3CVSS5.6AI score0.0018EPSS
Exploits0References4
OSV
OSV
added 2025/04/03 2:11 p.m.11 views

BIT-JOOMLA-2020-35615 [20201106] - Core - CSRF in com_privacy emailexport feature

An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of comprivacy causes a CSRF vulnerability...

6.8CVSS6.4AI score0.00395EPSS
Exploits0References2
OSV
OSV
added 2025/04/03 2:10 p.m.6 views

BIT-JOOMLA-2020-15700

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...

6.8CVSS7.1AI score0.00594EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.4 views

PT-2025-14271 · Infoway Llc · Ebook Downloader

Name of the Vulnerable Software and Affected Versions: Infoway LLC Ebook Downloader versions 1.0 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Ebook Downloader, allowing unauthorized actions to be performed on behalf of a user without their knowledge. Recommendation...

7.1CVSS7.5AI score0.00131EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/28 11:54 a.m.30 views

CVE-2025-31474 WordPress WP Database Optimizer plugin <= 1.2.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in matthewprice1178 WP Database Optimizer wp-database-optimizer allows Cross Site Request Forgery.This issue affects WP Database Optimizer: from n/a through = 1.2.1.3...

4.3CVSS0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 1:46 p.m.17 views

CVE-2025-30558 WordPress ANAC XML Render plugin <= 1.5.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in EnzoCostantini55 ANAC XML Render anac-xml-render allows Stored XSS.This issue affects ANAC XML Render: from n/a through = 1.5.7...

7.1CVSS0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 1:46 p.m.20 views

CVE-2025-30546 WordPress Cackle plugin <= 4.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in boroV Cackle cackle allows Cross Site Request Forgery.This issue affects Cackle: from n/a through = 4.33...

4.3CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2025/01/31 8:23 a.m.51 views

CVE-2025-23978

CVE-2025-23978 details (FlashCounter WordPress plugin): CSRF leads to Stored XSS in FlashCounter, affecting versions up to 1.1.8. Connected sources confirm the vendor/plugin vulnerability and affected range, with no public patch/version fix provided in the supplied documents. Monitor for updates ...

7.1CVSS7.2AI score0.00129EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/01/30 12:0 a.m.7 views

GitLab 10.6 < 16.9.7 / 16.10 < 16.10.5 / 16.11 < 16.11.2 (CVE-2024-1211)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: ReDoS in branch search when using wildcards ReDoS in markdown render pipeline Redos on Discord integrations Redos on Google Chat Integration Denial of Service Attack via Pin Menu DoS b...

8.8CVSS5.5AI score0.00255EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/21 1:57 p.m.3 views

CVE-2025-22719 WordPress VikAppointments Services Booking Calendar plugin <= 1.2.16 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikAppointments Services Booking Calendar vikappointments allows Stored XSS.This issue affects VikAppointments Services Booking Calendar: from n/a through = 1.2.16...

7.1CVSS7.2AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2025/01/10 10:15 p.m.26 views

CVE-2025-23113

An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once...

8.8CVSS0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/10 12:0 a.m.12 views

CVE-2025-23113

An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once...

3.4CVSS4.2AI score0.00156EPSS
Exploits0References1
CVE
CVE
added 2025/01/10 12:0 a.m.56 views

CVE-2025-23113

CVE-2025-23113 affects REDCap 14.9.6. The issue is a CSRF vulnerability in the logout functionality triggered during a CSV upload of alert configuration. An HTML injection payload placed in the alert-title can be sent by an attacker; when the victim views the uploaded data and clicks the alert-ti...

8.8CVSS6.7AI score0.00156EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder