44 matches found
CVE-2025-29722
A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints...
CVE-2025-29722
A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints...
Tuleap 跨站请求伪造漏洞
Tuleap is an open source suite from Enalean Open Source designed to improve the management of software development and collaboration. Tuleap suffers from a cross-site request forgery vulnerability that stems from missing CSRF protection in the tracker view, which could lead to a victim submitting...
Tuleap 跨站请求伪造漏洞
Tuleap is an open source suite from Enalean Open Source designed to improve the management of software development and collaboration. A cross-site request forgery vulnerability exists in Tuleap Community Edition prior to 16.4.99.1740414959 and Tuleap Enterprise Edition prior to 16.4-6, and prior ...
CVE-2023-48010
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets...
CVE-2023-48010
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets...
CVE-2024-45172
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery CSRF attacks. The C-MOR web interface offers no protection against cross-site request forgery CSRF attacks...
WordPress plugin Base64 Encoder/Decoder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
BD FACSChorus
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION : Low attack complexity Vendor : Becton, Dickinson and Company BD Equipment : FACSChorus Vulnerabilities : Missing Protection Mechanism for Alternate Hardware Interface, Missing Authentication for Critical Function, Improper Authentication, Use...
The vulnerability of the FortiSandbox system’s threat detection and mitigation mechanism arises from the lack of measures taken to protect the website structure. This allows attackers to execute arbitrary code.
The vulnerability of the FortiSandbox threat detection and mitigation system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-3669 CODESYS: Missing Brute-Force protection in CODESYS Development System
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog...
WordPress plugin RapidExpCart 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2022-48477
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing...
BD BodyGuard Pumps
1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Becton, Dickinson and Company BD Equipment: BodyGuard Pumps Vulnerability: Missing Protection Mechanism for Alternate Hardware Interface 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to change configuration...
CVE-2022-38399
CVE-2022-38399 affects Planex SmaCam CS-QR10 (all versions) and SmaCam Night Vision CS-QR20 (all versions). Root cause: missing protection mechanism for the alternate hardware interface, enabling an attacker with physical access to trigger arbitrary OS command execution by connecting to the devic...
PT-2022-24406 · Unknown · Smacam Night Vision Cs-Qr20 +1
Name of the Vulnerable Software and Affected Versions: SmaCam CS-QR10 all versions SmaCam Night Vision CS-QR20 all versions Description: A missing protection mechanism for an alternate hardware interface in the affected products allows an attacker to execute an arbitrary OS command by connecting ...
Solidus 跨站请求伪造漏洞
Solidus is an open source e-commerce system. A cross-site request forgery vulnerability exists in Solidus Solidusauthdevise, which stems from a lack of CSRF authentication in the product. An attacker could send an unintended request to the server through this vulnerability...
CVE-2021-24536
The Custom Login Redirect WordPress plugin through 1.0.0 does not have CSRF check in place when saving its settings, and do not sanitise or escape user input before outputting them back in the page, leading to a Stored Cross-Site Scripting issue...
Opennms Group OpenNMS 跨站请求伪造漏洞
Opennms Group OpenNMS is an open source, enterprise-grade network monitoring and network management platform from the US-based OpenNMS Group Opennms Group. A security vulnerability exists in OpenNMS Horizon that stems from the lack of CSRF protection and failure to validate existing usernames whe...
Argo 跨站脚本漏洞
Argo is an open source container-native workflow engine. A security vulnerability exists in Argo that stems from a missing cross-site protection header that results in the browser's cross-site protection not being activated...