
39 matches found

Vulnrichment
added 2026/02/18 6:42 a.m., 4 views

CVE-2026-1857 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...

CVSS 4.3, AI score 5.7, EPSS 0.00013
Exploits 0, References 4

Positive Technologies
added 2026/02/18 12:0 a.m., 3 views

PT-2026-20288

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the get items function of the GetResponse REST API handler. The endpoint's...

CVSS 4.3, AI score 5.7, EPSS 0.00013
Exploits 0, References 5

RedhatCVE
added 2025/12/10 5:17 p.m., 3 views

CVE-2025-63739

An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...

CVSS 4.3, AI score 6.8, EPSS 0.00038
Exploits 1, References 1

EUVD
added 2025/12/09 6:30 p.m., 2 views

EUVD-2025-202292

An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...

AI score 6.3, EPSS 0.00038
Exploits 1, References 2

RedhatCVE
added 2025/10/28 10:59 p.m., 2 views

CVE-2025-62258

CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the endpoint parameter...

CVSS 7, AI score 7.2, EPSS 0.00023
Exploits 0, References 1

Github Security Blog
added 2025/10/28 12:31 a.m., 6 views

Liferay Portal Vulnerable to CSRF in Headless APIs

CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the endpoint parameter...

CVSS 7, AI score 7.3, EPSS 0.00023
Exploits 0, References 3, Affected Software 1

Snyk
added 2025/10/28 12:31 a.m., 3 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the endpoint parameter in Headless API. An attacker can perform unauthorized actions by tricking a user into making unintended requests. Remediation: A fix was pushed into the master branch but not yet...

CVSS 8.5, AI score 6.9, EPSS 0.00023
Exploits 0, References 2

OSV
added 2025/10/28 12:31 a.m., 2 views

GHSA-GH4W-8QGQ-8W9R Liferay Portal Vulnerable to CSRF in Headless APIs

CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the endpoint parameter...

CVSS 7, AI score 7.3, EPSS 0.00023
Exploits 0, References 3

EUVD
added 2025/10/28 12:31 a.m., 2 views

EUVD-2025-36371

CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the endpoint parameter...

CVSS 7, AI score 6.7, EPSS 0.00023
Exploits 0, References 2

NVD
added 2025/10/27 11:15 p.m., 4 views

CVE-2025-62258

CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the endpoint parameter...

CVSS 7, EPSS 0.00023
Exploits 0, References 1

Vulnrichment
added 2025/10/27 10:56 p.m., 1 view

CVE-2025-62258

CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the endpoint parameter...

CVSS 7, AI score 6.9, EPSS 0.00023
Exploits 0, References 1

Cvelist
added 2025/10/27 10:56 p.m., 3 views

CVE-2025-62258

CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the endpoint parameter...

CVSS 7, EPSS 0.00023
Exploits 0, References 1

CVE
added 2025/10/27 10:56 p.m., 8 views

CVE-2025-62258

CSRF in Headless API of Liferay Portal and Liferay DXP affects multiple releases: Liferay Portal 7.4.0–7.4.3.107 and Liferay DXP 2023.Q3.1–2023.Q3.4, plus 7.4 GA up to update 92 and 7.3 GA up to update 35, and older unsupported versions. The vulnerability allows remote attackers to execute any He...

CVSS 7, AI score 6.9, EPSS 0.00023
Exploits 0, References 1, Affected Software 2

Positive Technologies
added 2025/10/27 12:0 a.m., 3 views

PT-2025-44063

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3 GA through update 35; Liferay Portal versions 7.4.0 through 7.4.3.107; Liferay DXP versions 2023.Q3.1 through 2023.Q3.4; Liferay Portal versions 7.4 GA through update 92. Description: A Cross-Site Request Forgery (CSRF)...

CVSS 7, AI score 7, EPSS 0.00023
Exploits 0, References 12

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-8854

Malware in sbrugna...

CVSS 8.6, AI score 8.7, EPSS 0.00276
Exploits 1, References 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-25202

Malicious code in bioql PyPI...

CVSS 6.9, AI score 6.3, EPSS 0.00036
Exploits 0, References 6

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-24643

Malicious code in bioql PyPI...

CVSS 9.2, AI score 6.6, EPSS 0.00262
Exploits 0, References 3

Veracode
added 2025/09/10 9:54 a.m., 3 views

Cross-Site Request Forgery (CSRF)

com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of the endpoint parameter, which allows an attacker to perform cross-origin requests on behalf of an authenticated user...

CVSS 6.9, AI score 6.9, EPSS 0.00036
Exploits 0, References 7, Affected Software 2

RedhatCVE
added 2025/08/21 7:27 p.m., 4 views

CVE-2025-43745

A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remo...

CVSS 6.9, AI score 7.2, EPSS 0.00036
Exploits 0, References 1

OSV
added 2025/08/19 9:30 p.m., 3 views

GHSA-7Q33-GWCM-R6CJ Liferay Portal CSRF Vulnerability via Endpoint Parameter

A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remo...

CVSS 6.9, AI score 7.1, EPSS 0.00036
Exploits 0, References 7