Lucene search
K

55 matches found

OSV
OSV
added 2025/11/26 11:18 p.m.12 views

GHSA-58C5-G7WP-6W37 Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client

The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery XSRF token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol...

7.7CVSS6.9AI score0.00572EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2009-0490

Malware in sbrugna...

7.5CVSS6.1AI score0.00571EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-1533

Malware in sbrugna...

8.8CVSS8.8AI score0.01171EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-5051

Malware in sbrugna...

5CVSS6.2AI score0.02955EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-18487

Malware in sbrugna...

8.8CVSS6.9AI score0.01492EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-8501

Malware in sbrugna...

8.8CVSS8.6AI score0.00746EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-0009

Malware in sbrugna...

5CVSS6AI score0.0199EPSS
Exploits0References19
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-0187

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00285EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2022-3520

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.01993EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0882

Malicious code in bioql PyPI...

6.5CVSS6.9AI score0.00681EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/06/11 4:26 p.m.6 views

CVE-2025-6001 VirtueMart - Cross Site Request Forgery (CSRF)

A Cross-Site Request Forgery CSRF vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager...

8.3CVSS7.2AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:39 a.m.6 views

CVE-2025-24398

Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 both inclusive allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...

8.8CVSS6.7AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:36 p.m.5 views

CVE-2021-29435

trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...

8.1CVSS7.1AI score0.00657EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:51 p.m.10 views

CVE-2020-8461

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token...

8.8CVSS6.8AI score0.01136EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:31 p.m.10 views

CVE-2020-35223

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests...

8.8CVSS7.1AI score0.00586EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:44 a.m.8 views

CVE-2019-17590

The csrfcallback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineering, enticing them...

8.8CVSS7.1AI score0.00616EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:42 a.m.9 views

CVE-2015-1391

Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism...

8.8CVSS7AI score0.00305EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/11 9:49 p.m.18 views

CVE-2025-27792 Opal vulnerable to CSRF protection bypass

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery CSRF were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referre...

8.7CVSS0.00268EPSS
Exploits0References1
wpexploit
wpexploit
added 2024/02/20 12:0 a.m.174 views

Innovs HR <= 1.0.3.4 - Employee Creation via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. input type="hidden" name="maritalstatus" value="Single"...

6.8AI score0.00366EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/20 12:0 a.m.63 views

3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad

Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...

5.3CVSS7.1AI score0.003EPSS
Exploits2References1
Rows per page
Query Builder