386 matches found
CVE-2025-49852
ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers...
CVE-2025-6341
A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-49967 WordPress Live Sports Streamthunder plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder allows Cross Site Request Forgery. This issue affects Live Sports Streamthunder: from n/a through 2.1...
BlueRiSC WindowsSCOPE Cyber Forensics Data Forgery Vulnerability
BlueRiSC WindowsSCOPE Cyber Forensics is a GUI-based memory forensic capture and analysis toolkit from BlueRiSC. BlueRiSC WindowsSCOPE Cyber Forensics suffers from a Data Forgery Issue vulnerability that stems from a lack of constraints in the rv32im circuit, which could lead to a malicious prove...
CVE-2025-6063 XiSearch bar <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6. This is due to missing or incorrect nonce validation on the 'xisearch-key-config' page. This makes it possible for unauthenticated attackers to update settings and inject...
Microsoft Windows Data Forgery Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A data forgery vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to bypass certain functionality. The following products and versions are...
CVE-2025-5885 Konica Minolta bizhub cross-site request forgery
A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-48962
Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 Windows, Linux before build 39938...
CVE-2025-30986 WordPress Elite Video Player plugin <= 10.0.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMedia Elite Video Player elite-video-player allows Cross Site Request Forgery. This issue affects Elite Video Player: from n/a through <= 10.0.5...
CVE-2025-49269 WordPress Market Exporter plugin <= 2.0.22 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter market-exporter allows Cross Site Request Forgery. This issue affects Market Exporter: from n/a through <= 2.0.22...
WordPress WP Mail Options plugin <= 0.2.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP Mail Options versions <= 0.2.3...
WordPress POEditor plugin <= 0.9.10 - CSRF to Arbitrary File Deletion vulnerability
CSRF to Arbitrary File Deletion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin POEditor versions <= 0.9.10...
CVE-2025-24533
Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through <= 3.92.0...
CVE-2024-42627
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3...
CVE-2024-28672
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mediaedit.php...
CVE-2024-28429
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archivesdo.php...
CVE-2024-30965
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/memberscores.php...
CVE-2024-24028
Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo...
CVE-2024-22873
Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function /service/subscription.go. This vulnerability allows attackers to access internal requests via a crafted POST request...
CVE-2024-9281
A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and...