386 matches found

Cvelist
added 2025/03/27 10:55 a.m., 12 views

CVE-2025-30912 WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu float-menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through <= 6.1.2...

5.4 CVSS, 0.00326 EPSS
Exploits: 0, References: 1
CNVD
added 2025/03/24 12:0 a.m., 8 views

Cisco IOS XR Data Forgery Issue Vulnerability

Cisco IOS XR is a set of operating systems developed by the American company Cisco for its network equipment. Cisco IOS XR suffers from a data forgery vulnerability that stems from insufficient module validation during software loading, which could be exploited by an attacker to launch...

6.7 CVSS, 6.8 AI score, 0.00004 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/03/22 1:15 p.m., 5 views

CVE-2024-12775

langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API POST /console/api/workspaces/current/tool-provider/api/test/pre. Attackers can set the url in the servers dictionary in OpenAI's...

6.5 CVSS, 7.1 AI score, 0.00276 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2025/03/19 12:0 a.m., 8 views

RockyLinux 9 : krb5 (RLSA-2024:9474)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9474 advisory. freeradius: forgery attack (CVE-2024-3596). Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that Nessus ha...

9 CVSS, 8 AI score, 0.22162 EPSS
Exploits: 2, References: 3
NVD
added 2025/03/17 5:15 p.m., 6 views

CVE-2025-22474

Dell SmartFabric OS10 Software, versions 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contains a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery...

6.8 CVSS, 0.00158 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/03/16 12:23 a.m., 14 views

CVE-2025-25873

Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function...

5.5 CVSS, 7.4 AI score, 0.00198 EPSS
Exploits: 2, References: 1
Vulnrichment
added 2025/03/11 9:1 p.m., 8 views

CVE-2025-28941 WordPress SPAM-BYBYE Plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye spam-byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through <= 2.2.4...

4.3 CVSS, 7.2 AI score, 0.00125 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/03/11 9:0 p.m., 13 views

CVE-2025-28910 WordPress WP Hide Admin Bar plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar wp-hide-admin-bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through <= 2.0...

4.3 CVSS, 0.00125 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/03/11 12:0 a.m., 4 views

Microsoft .NET Data Forgery Issue Vulnerability

Microsoft .NET is a software framework from Microsoft Corporation USA dedicated to agile software development, rapid application development, platform-independence, and web transparency. A data forgery vulnerability exists in Microsoft .NET. An attacker exploiting this vulnerability could remotely...

7.5 CVSS, 8.2 AI score, 0.00154 EPSS
Exploits: 0, References: 2
CVE
added 2025/03/10 12:0 a.m., 63 views

CVE-2025-25907

CVE-2025-25907 affects the tianti CMS, version 2.3. The issue is a Cross-Site Request Forgery (CSRF) in the component /user/ajax/save that allows an attacker to cause arbitrary operations via a crafted GET or POST request. The primary consequence is unauthorized actions performed with the user’s ...

8.8 CVSS, 8.2 AI score, 0.00097 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2025/03/10 12:0 a.m., 11 views

CVE-2025-27910

tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...

0.00099 EPSS
Exploits: 1, References: 1
NVD
added 2025/03/09 7:15 a.m., 8 views

CVE-2025-2116

A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /newsedit/newsedit/xy/imageProxy.do of the component File Protocol Handle...

5.3 CVSS, 0.00021 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2025/02/24 2:49 p.m., 14 views

CVE-2025-27344 WordPress Phee's LinkPreview Plugin <= 1.6.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in filipstepanov Phee's LinkPreview linkpreview allows Cross Site Request Forgery. This issue affects Phee's LinkPreview: from n/a through <= 1.6.7...

4.3 CVSS, 8.5 AI score, 0.00095 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/02/24 2:49 p.m., 15 views

CVE-2025-27317 WordPress RAYS Grid Plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS RAYS Grid rays-grid allows Cross Site Request Forgery. This issue affects RAYS Grid: from n/a through <= 1.3.1...

4.3 CVSS, 0.00125 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/02/14 2:43 a.m., 6 views

CVE-2024-31845

An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs is...

5.3 CVSS, 6.7 AI score, 0.00165 EPSS
Exploits: 1, References: 1
SUSE CVE
added 2025/02/13 12:20 a.m., 1 views

SUSE CVE-2025-24032

PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate-based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...

6.9 CVSS, 6.8 AI score, 0.00746 EPSS
Exploits: 0, References: 7
RedhatCVE
added 2025/02/05 12:26 a.m., 4 views

CVE-2024-31424

Cross-Site Request Forgery (CSRF) vulnerability in Hamid Alinia Login with phone number login-with-phone-number. This issue affects Login with phone number: from n/a through <= 1.6.93...

8.8 CVSS, 5.9 AI score, 0.00449 EPSS
Exploits: 0, References: 1
CVE
added 2025/02/04 8:38 p.m., 65 views

CVE-2024-35138

IBM Security Verify Access Appliance and Container versions 10.0.0–10.0.8 are vulnerable to cross-site request forgery (CSRF), enabling an attacker to perform malicious actions on behalf of a trusted user. Root cause: CSRF in the web application allows unauthorized actions transmitted from a user...

6.5 CVSS, 6.5 AI score, 0.00034 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/01/27 1:59 p.m., 5 views

CVE-2025-24533 WordPress MetaSlider plugin <= 3.92.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through <= 3.92.0...

5.4 CVSS, 5.9 AI score, 0.00166 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/01/24 5:25 p.m., 5 views

CVE-2025-24738 WordPress Call Now Button plugin <= 1.4.13 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jerry Rietveld Call Now Button call-now-button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through <= 1.4.13...

4.3 CVSS, 8.5 AI score, 0.00122 EPSS
Exploits: 0, References: 1