6 matches found
CVE-2026-23622
Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EASecurity.php::csrfverify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from...
CVE-2025-63952
CVE-2025-63952 describes a CSRF vulnerability in Magewell Pro Convert v1.2.213, specifically in the /mwapi?method=add-user endpoint, which can allow an attacker to create accounts via a crafted GET request. Multiple connected sources (Red Hat, CNNVD, CVE lists, and PT Security) confirm the issue ...
Cisco ATA 190 Security Vulnerability
The Cisco ATA 190 is an analog telephone adapter from Cisco USA. A security vulnerability exists in the Cisco ATA 190 that originates when the HTTP server allows state changes in GET requests. An unauthenticated, remote attacker could exploit this vulnerability to modify the configuration or rebo...
CVE-2024-39063
Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YIICSRFTOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests...
Quest NetVault Backup SQL Injection Vulnerability (CNVD-2017-37631)
Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability exists in the handling of GET method requests in versions of Quest NetVault Backup prior to 11.4.5, which stems from the program failing to properly detect user-submitted strings prior...
A vulnerability in the Juniper SRX 240 router firmware allows an attacker to bypass the CSRF protection of the J-Web interface.
The Juniper SRX 240 router software contains a vulnerability in the Sajax AJAX library, which stems from the lack of checking the “csrftoken” parameter for GET requests...