330 matches found
DEBIAN-CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
CVE-2025-26803
CVE-2025-26803 affects Phusion Passenger: the http parser in versions 6.0.21–6.0.25 (before 6.0.26) is vulnerable to denial of service when parsing a request with an invalid HTTP method. The issue is mitigated by upgrading to Passenger 6.0.26 or later. No exploitation details are provided in the ...
CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
Phusion Passenger denial of service
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
CVE-2024-55924
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55921
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
Cross-Site Request Forgery (CSRF)
typo3/cms-beuser is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper handling of state-changing actions in downstream components, where HTTP GET submissions are incorrectly accepted instead of enforcing the appropriate HTTP method. Misconfigurations, such as...
Cross-Site Request Forgery (CSRF)
typo3/cms-scheduler is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper handling of HTTP methods and a failure to enforce appropriate security settings, which allows attackers to submit malicious requests through CSRF...
Cross-Site Request Forgery (CSRF)
typo3/cms-form is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper handling of state-changing actions in downstream components, which incorrectly accept submissions via HTTP GET requests instead of enforcing the correct HTTP method. Misconfigured settings, such ...
CVE-2024-55922
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55920
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55893 TYPO3 Cross-Site Request Forgery in Log Module
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55894 TYPO3 Cross-Site Request Forgery in Backend User Module
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55920
CVE-2024-55920 affects TYPO3 and specifically the backend Dashboard Module . The issue is a CSRF in deep-link handling plus improper use of HTTP GET for state-changing actions. Exploitation requires an active backend session and a user-initiated visit to a malicious URL, typically via phishing, w...
CVE-2024-55921
Summary: CVE-2024-55921 affects TYPO3 via the Extension Manager Module, where a CSRF weakness in deep-link handling and improper acceptance of state-changing actions via HTTP GET can allow an attacker to abuse an active backend session through a malicious URL. Conditions that enable exploitation ...
CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55923
CVE-2024-55923 describes a CSRF flaw in the TYPO3 backend deep-link functionality within the Indexed Search Module . The vulnerability can enable an attacker to delete items in the module when a logged-in backend user is tricked into visiting a malicious URL, under misconfigurations where the bac...