386 matches found
CVE-2024-53829 Cross-Site Request Forgery in CodeChecker API
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not...
CVE-2025-0584 aEnrich Technology a+HRD - Server-Side Request Forgery (SSRF)
The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network...
AWS Cloud Development Kit data forgery vulnerability
AWS Cloud Development Kit is an open source software development framework open sourced by Amazon Web Services for defining cloud infrastructure in code and configuring it via AWS CloudFormation. A data forgery vulnerability exists in AWS Cloud Development Kit, which stems from the fact that it...
WordPress plugin Flying Twitter Birds cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
CVE-2024-37540 WordPress Leaky Paywall plugin <= 4.21.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Leaky Paywall Leaky Paywall allows Cross Site Request Forgery. This issue affects Leaky Paywall: from n/a through 4.21.2...
CVE-2024-37493
CVE-2024-37493 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in the Posterity WordPress theme (Posterity) for versions n/a through 3.3. The connected records consistently describe the issue as CSRF affecting Posterity: from n/a through <= 3.3, and list Posterity 3.3 as affec...
CVE-2024-37467 WordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in themeisle Hestia hestia allows Cross Site Request Forgery. This issue affects Hestia: from n/a through <= 3.1.2...
CVE-2024-37441 WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in DesertThemes NewsMash allows Cross Site Request Forgery. This issue affects NewsMash: from n/a through 1.0.34...
WordPress plugin Coachify cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
CVE-2024-56218
Cross-Site Request Forgery (CSRF) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Cross Site Request Forgery. This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through <= 5.0.1...
CVE-2024-10044
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's...
CVE-2024-52579
Summary: CVE-2024-52579 in Misskey pertains to a Server-Side Request Forgery (SSRF) due to improper host checking in APIs using HttpRequestService. The vulnerability allows an attacker to make POST or GET requests to internal/private IPs, enabling attacks on internal servers. Affected versions: M...
WordPress Increase Sociability plugin <= 1.3.0 - Reflected Cross Site Request Forgery (CSRF) vulnerability
Reflected Cross Site Request Forgery (CSRF) vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Increase Sociability versions <= 1.3.0...
CVE-2024-12349 JFinalCMS save cross-site request forgery
A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2024-53472
WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF)...
Red Hat Ceph Storage data forgery vulnerability
Red Hat Ceph Storage is a suite of scalable, open software-defined storage platforms from Red Hat USA. A data forgery issue vulnerability exists in Red Hat Ceph Storage that stems from the presence of an authentication bypass...
WordPress plugin Custom Post Type to Map Store cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2024-11118
CVE-2024-11118 affects the WordPress 404 Error Monitor plugin up to version 1.1. It is a CSRF vulnerability caused by missing nonce validation in updatePluginSettings(), enabling unauthenticated attackers to forge requests that modify plugin settings and clear error logs if a site admin clicks a ...
PT-2024-8727 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 3.2.5 and earlier. Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send...
CVE-2024-48346
xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...