386 matches found

Tenable Nessus
added 2024/01/12 12:0 a.m. | 26 views

AlmaLinux 8 : idm:DL1 (ALSA-2024:0143)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0143 advisory. Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049); ipa: Invalid CSRF protection (CVE-2023-5455). Tenable has extracted the preceding descripti...

CVSS: 9 | AI score: 6.8 | EPSS: 0.248
Exploits: 0 | References: 3
CNNVD
added 2024/01/11 12:0 a.m. | 1 views

Hyperledger Aries Cloud Agent Python Data Forgery Issue Vulnerability

Hyperledger Aries Cloud Agent Python is a tool for building the foundation of decentralized identity applications and services that run in non-mobile environments. A data forgery issue vulnerability exists in Hyperledger Aries Cloud Agent Python versions prior to 0.7.0, which stems from a data...

CVSS: 9.9 | AI score: 6.8 | EPSS: 0.00136
Exploits: 1 | References: 6
Vulnrichment
added 2024/01/08 7:31 a.m. | 2 views

CVE-2024-0303 Youke365 Parameter caiji.php server-side request forgery

A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch t...

CVSS: 6.5 | AI score: 8.1 | EPSS: 0.00158
Exploits: 0 | References: 3
CNNVD
added 2023/12/29 12:0 a.m. | 2 views

Honor Magic Ui Data Forgery Issue Vulnerability

Honor Magic Ui is an Android-based mobile operating system developed by Chinese company Honor. A security vulnerability exists in Honor Magic Ui, which stems from a signature management vulnerability that can be successfully exploited to cause a forged system file to overwrite a correct system fi...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00026
Exploits: 0 | References: 2
CNNVD
added 2023/12/24 12:0 a.m. | 1 views

sendmail Data Forgery Issue Vulnerability

sendmail is an open source, multi-purpose e-mail transfer agent that supports multiple protocols across networks. A data forgery issue vulnerability exists in sendmail 8.14.7 and earlier versions, which stems from a vulnerability that allows an attacker to bypass the SPF protection mechanism...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00837
Exploits: 2 | References: 17
Cvelist
added 2023/12/21 2:18 p.m. | 16 views

CVE-2023-22674 WordPress Dashicons + Custom Post Types Plugin <= 1.0.2 is vulnerable to Broken Access Control

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types. This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2...

CVSS: 5.4 | AI score: 8.9 | EPSS: 0.00107
Exploits: 0 | References: 1
Vulnrichment
added 2023/12/18 3:50 p.m. | 4 views

CVE-2023-48755 WordPress teachPress Plugin <= 9.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4...

CVSS: 4.3 | AI score: 8.7 | EPSS: 0.00074
Exploits: 0 | References: 1
Prion
added 2023/12/05 3:15 p.m. | 16 views

Cross site request forgery (csrf)

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friendlink/update...

CVSS: 6.8 | AI score: 7.8 | EPSS: 0.00268
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2023/12/05 12:0 a.m. | 14 views

CVE-2023-49380

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friendlink/delete...

AI score: 9.1 | EPSS: 0.00281
Exploits: 1 | References: 1
NVD
added 2023/11/22 2:15 p.m. | 13 views

CVE-2023-27451

Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin = 5.1.0.2 versions...

CVSS: 8.8 | EPSS: 0.00196
Exploits: 0 | References: 1
Vulnrichment
added 2023/11/22 1:12 p.m. | 4 views

CVE-2023-27633 WordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.00137
Exploits: 0 | References: 1
Vulnrichment
added 2023/11/14 12:0 a.m. | 11 views

CVE-2023-48020

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus...

AI score: 7.5 | EPSS: 0.00163
Exploits: 1 | References: 1
OSV
added 2023/10/30 6:29 p.m. | 23 views

CVE-2023-43649 baserCMS CSRF vulnerability in Content preview Feature

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...

CVSS: 4.7 | AI score: 7.1 | EPSS: 0.00118
Exploits: 0 | References: 5
Vulnrichment
added 2023/10/09 8:35 a.m. | 8 views

CVE-2023-44260 WordPress Woocommerce ESTO Plugin <= 2.23.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin <= 2.23.1 versions...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.0007
Exploits: 0 | References: 1
OSV
added 2023/10/03 12:15 p.m. | 1 views

CVE-2023-39923

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin = 7.2.7 versions...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00106
Exploits: 0 | References: 1
VulnCheck KEV
added 2023/09/18 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2019-9621

Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.94113
Exploits: 10 | References: 1
CNNVD
added 2023/09/06 12:0 a.m. | 2 views

ZOHO ManageEngine ADSelfService Plus Data Forgery Issue Vulnerability

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A data forgery vulnerability exists in ZOHO ManageEngine ADSelfService Plus that stems from a lack of proper authentication of data...

CVSS: 6.8 | AI score: 7.5 | EPSS: 0.00095
Exploits: 0 | References: 3
CNNVD
added 2023/08/06 12:0 a.m. | 2 views

EmpowerID Data Forgery Issue Vulnerability

EmpowerID is an all-in-one identity management and cloud security suite from EmpowerID. EmpowerID version 7.205.0.0 previously had a data forgery issue vulnerability. An attacker could exploit the vulnerability to obtain sensitive information...

CVSS: 5.7 | AI score: 6.6 | EPSS: 0.00052
Exploits: 0 | References: 4
CNNVD
added 2023/08/03 12:0 a.m. | 3 views

Class Scheduling System Data Forgery Problem Vulnerability

Class Scheduling System is a class scheduling system by jkev Personal Developer. A security vulnerability exists in Class Scheduling System version 1.0, which stems from a lack of authentication when changing email addresses or passwords, allowing a remote attacker to take over an account...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00828
Exploits: 0 | References: 4
Vulnrichment
added 2023/07/11 12:25 p.m. | 8 views

CVE-2023-34029 WordPress Disable WordPress Update Notifications Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3 versions...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00093
Exploits: 0 | References: 1