CVE-2025-23411

mySCADA myPRO Manager is vulnerable to cross-site request forgery CSRF, which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website...

WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Grand Blog versions 3.1.5...

📄 MagnusBilling 6 Server-Side Request Forgery / Path Traversal

Proof of concept exploit for MagnusBilling 6 vulnerabilities including server-side request forgery, path traversal, and cryptographic weaknesses. ============================================================================================================================================= | Title :...

Ever Gauzy Platform 数据伪造问题漏洞

Ever Gauzy Platform is an open source business management platform from Ever. A Data Forgery Issue vulnerability exists in Ever Gauzy Platform version v0.281.9, which stems from an improper implementation of JWT authentication that could lead to unauthorized access...

CVE-2025-14277

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the importelementortemplate AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make we...

ALTCHA 数据伪造问题漏洞

ALTCHA is a self-hosted CAPTCHA software from ALTCHA Open Source. ALTCHA suffers from a Data Forgery Problem vulnerability that stems from HMAC signatures not explicitly bound to challenge parameters, which could lead to replay attacks...

CVE-2025-13363

The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the URL structure settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's URL...

WordPress Business Directory Plugin Cross-Site Request Forgery Vulnerability

WordPress Business Directory Plugin is a plugin for creating and managing business directories such as business yellow pages, real estate listings, or classified ads on your WordPress website. WordPress Business Directory Plugin suffers from a cross-site request forgery vulnerability that stems...

CVE-2020-36884

BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...

Adobe Acrobat Reader 数据伪造问题漏洞

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader versions 24.001.30264 and 20.005.30793 and 25.001.20982 and 24.001.30273 and 20.005.30803 and prior versions have a data forgery issue...

Ivanti Endpoint Manager 数据伪造问题漏洞

Ivanti Endpoint Manager EPM is a suite of endpoint security managers from Ivanti USA. A data forgery issue vulnerability exists in versions prior to Ivanti Endpoint Manager 2024 SU4 SR1 that stems from improper cryptographic signature validation and could lead to remote code execution...

PT-2025-49967

Name of the Vulnerable Software and Affected Versions UsersWP versions through 1.2.48 Description The UsersWP plugin contains a Cross-Site Request Forgery CSRF flaw. This allows attackers to potentially perform actions on behalf of an authenticated user without their knowledge. The issue impacts...

EUVD-2025-200120

Portkey.ai Gateway: Server-Side Request Forgery SSRF in Custom Host...

WordPress plugin NikanWP WooCommerce Reporting 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Nikan...

Always Encrypted Kubernetes 数据伪造问题漏洞

Always Encrypted Kubernetes is a container encryption software open source by Edgeless Systems. A data forgery issue vulnerability exists in versions prior to Always Encrypted Kubernetes 2.24.0 that stems from insecure handling of the empty key slot algorithm, which could lead to unencrypted...

PT-2025-43770

Cross-Site Request Forgery CSRF vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus Slidebars off-canvas-sidebars allows Cross Site Request Forgery.This issue affects Off-Canvas Sidebars & Menus Slidebars: from n/a through = 0.5.8.5...

WordPress CloudSearch plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CloudSearch versions = 3.0.0...

EUVD-2020-18040

Malware in sbrugna...

EUVD-2021-2235

Malware in sbrugna...

EUVD-2020-25203

Malware in sbrugna...