Lucene search
K

613 matches found

Cvelist
Cvelist
added 2026/03/31 8:33 p.m.26 views

CVE-2026-34383 Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user ca...

4.3CVSS0.00133EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/31 8:33 p.m.3 views

CVE-2026-34383 Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user ca...

4.3CVSS6AI score0.00133EPSS
Exploits1References2
CVE
CVE
added 2026/03/31 8:33 p.m.14 views

CVE-2026-34383

Affected product: Admidio open-source user management. Vulnerability: In versions before 5.0.8, the inventory module’s item_save endpoint accepts a user-controllable POST parameter named “imported” that, when true, bypasses both CSRF validation and server-side form validation. An authenticated us...

4.3CVSS5.9AI score0.00133EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/31 8:33 p.m.4 views

CVE-2026-34383 Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user ca...

4.3CVSS5.9AI score0.00133EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29350

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.8 Description The inventory module's item save endpoint is susceptible to a bypass of both CSRF token validation and server-side form validation. An authenticated user can craft a direct POST request to save...

4.3CVSS6.1AI score0.00133EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/03/28 1:25 a.m.36 views

CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS0.00256EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/16 9:18 p.m.11 views

Admidio has an HTMLPurifier Bypass in eCard Message Allows HTML Email Injection

Summary The eCard send handler in Admidio uses the raw $POST'ecardmessage' value instead of the HTMLPurifier-sanitized $formValues'ecardmessage' when constructing the greeting card HTML. This allows an authenticated attacker to inject arbitrary HTML and JavaScript into greeting card emails sent t...

5.4CVSS5.9AI score0.00227EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/12/18 8:15 p.m.6 views

CVE-2024-58321

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/18 7:53 p.m.3 views

CVE-2024-58321 Kentico Xperience <= 13.0.159 Form Validation Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers...

5.4CVSS5.9AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/18 7:53 p.m.23 views

CVE-2024-58321 Kentico Xperience <= 13.0.159 Form Validation Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers...

5.4CVSS0.00138EPSS
Exploits0References2
CVE
CVE
added 2025/12/18 7:53 p.m.12 views

CVE-2024-58321

CVE-2024-58321 is a stored XSS vulnerability in Kentico Xperience introduced via form validation rule configuration. Affected components are Kentico Xperience ASP.NET Core WebApp and ASP.NET MVC5 Libraries (as referenced in Snyk and CVE records). The underlying issue is insufficient encoding of v...

5.4CVSS5.9AI score0.00138EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52328

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through the configuration of form validation rules. Successful...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/10/29 3:31 p.m.21 views

Jenkins Publish to Bitbucket Plugin is missing a permissions check

Jenkins Publish to Bitbucket Plugin 0.4 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the...

4.3CVSS6.5AI score0.00245EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/10/29 3:31 p.m.6 views

Missing Authorization

Overview org.jenkins-ci.plugins:publish-to-bitbucket is a This plugin publishes the current code to a bitbucket server by creating a new repository and/or project. Creates a Bitbucket repository and associated project from the current code. Features Creates Bitbucket repository based on the curre...

5.4CVSS6.7AI score0.00245EPSS
Exploits0References2
OSV
OSV
added 2025/10/29 3:31 p.m.5 views

GHSA-V549-7PM5-F8QR Jenkins Publish to Bitbucket Plugin is missing a permissions check

Jenkins Publish to Bitbucket Plugin 0.4 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the...

4.3CVSS6.5AI score0.00245EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2021-0107

Malware in sbrugna...

9.6CVSS9.2AI score0.02638EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-3818

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00871EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0411

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.01187EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2022-4214

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.01031EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2637

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01296EPSS
Exploits0References6
Rows per page
Query Builder