55 matches found
GHSA-58C5-G7WP-6W37 Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client
The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery XSRF token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol...
EUVD-2009-0490
Malware in sbrugna...
EUVD-2014-1533
Malware in sbrugna...
EUVD-2010-5051
Malware in sbrugna...
EUVD-2019-18487
Malware in sbrugna...
EUVD-2015-8501
Malware in sbrugna...
EUVD-2014-0009
Malware in sbrugna...
EUVD-2025-0187
Malicious code in bioql PyPI...
EUVD-2022-3520
Malicious code in bioql PyPI...
EUVD-2024-0882
Malicious code in bioql PyPI...
CVE-2025-6001 VirtueMart - Cross Site Request Forgery (CSRF)
A Cross-Site Request Forgery CSRF vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager...
CVE-2025-24398
Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 both inclusive allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
CVE-2021-29435
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...
CVE-2020-8461
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token...
CVE-2020-35223
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests...
CVE-2019-17590
The csrfcallback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineering, enticing them...
CVE-2015-1391
Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism...
CVE-2025-27792 Opal vulnerable to CSRF protection bypass
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery CSRF were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referre...
Innovs HR <= 1.0.3.4 - Employee Creation via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. input type="hidden" name="maritalstatus" value="Single"...
3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad
Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...