Lucene search
K

44 matches found

NVD
NVD
added 2025/04/17 6:15 p.m.23 views

CVE-2025-29722

A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints...

6.3CVSS0.00163EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/04/17 12:0 a.m.20 views

CVE-2025-29722

A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints...

0.00163EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.4 views

Tuleap 跨站请求伪造漏洞

Tuleap is an open source suite from Enalean Open Source designed to improve the management of software development and collaboration. Tuleap suffers from a cross-site request forgery vulnerability that stems from missing CSRF protection in the tracker view, which could lead to a victim submitting...

4.6CVSS6.6AI score0.00188EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/04 12:0 a.m.3 views

Tuleap 跨站请求伪造漏洞

Tuleap is an open source suite from Enalean Open Source designed to improve the management of software development and collaboration. A cross-site request forgery vulnerability exists in Tuleap Community Edition prior to 16.4.99.1740414959 and Tuleap Enterprise Edition prior to 16.4-6, and prior ...

4.6CVSS6.5AI score0.00154EPSS
Exploits0References5
NVD
NVD
added 2024/12/05 8:15 p.m.12 views

CVE-2023-48010

STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets...

9.8CVSS0.00445EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/05 12:0 a.m.15 views

CVE-2023-48010

STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets...

0.00445EPSS
Exploits0References2
NVD
NVD
added 2024/09/04 8:15 p.m.9 views

CVE-2024-45172

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery CSRF attacks. The C-MOR web interface offers no protection against cross-site request forgery CSRF attacks...

6.8CVSS0.0037EPSS
Exploits2References3
CNNVD
CNNVD
added 2024/05/15 12:0 a.m.10 views

WordPress plugin Base64 Encoder/Decoder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

2.4CVSS6.6AI score0.00217EPSS
Exploits2References2
ICS
ICS
added 2023/11/28 7:0 a.m.40 views

BD FACSChorus

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION : Low attack complexity Vendor : Becton, Dickinson and Company BD Equipment : FACSChorus Vulnerabilities : Missing Protection Mechanism for Alternate Hardware Interface, Missing Authentication for Critical Function, Improper Authentication, Use...

5.7CVSS5.5AI score0.00378EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2023/10/14 12:0 a.m.7 views

The vulnerability of the FortiSandbox system’s threat detection and mitigation mechanism arises from the lack of measures taken to protect the website structure. This allows attackers to execute arbitrary code.

The vulnerability of the FortiSandbox threat detection and mitigation system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.6CVSS6.7AI score0.00434EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/03 11:11 a.m.12 views

CVE-2023-3669 CODESYS: Missing Brute-Force protection in CODESYS Development System

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog...

3.3CVSS3.9AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/15 12:0 a.m.3 views

WordPress plugin RapidExpCart 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.7AI score0.00239EPSS
Exploits2References2
OSV
OSV
added 2023/04/24 1:15 p.m.4 views

CVE-2022-48477

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing...

9.8CVSS5.8AI score0.00482EPSS
Exploits0References1
ICS
ICS
added 2022/12/01 12:0 a.m.18 views

BD BodyGuard Pumps

1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Becton, Dickinson and Company BD Equipment: BodyGuard Pumps Vulnerability: Missing Protection Mechanism for Alternate Hardware Interface 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to change configuration...

5.3CVSS5.4AI score0.00218EPSS
Exploits0References4
CVE
CVE
added 2022/09/08 7:10 a.m.53 views

CVE-2022-38399

CVE-2022-38399 affects Planex SmaCam CS-QR10 (all versions) and SmaCam Night Vision CS-QR20 (all versions). Root cause: missing protection mechanism for the alternate hardware interface, enabling an attacker with physical access to trigger arbitrary OS command execution by connecting to the devic...

6.8CVSS6.8AI score0.00341EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/08 12:0 a.m.6 views

PT-2022-24406 · Unknown · Smacam Night Vision Cs-Qr20 +1

Name of the Vulnerable Software and Affected Versions: SmaCam CS-QR10 all versions SmaCam Night Vision CS-QR20 all versions Description: A missing protection mechanism for an alternate hardware interface in the affected products allows an attacker to execute an arbitrary OS command by connecting ...

6.8CVSS6.8AI score0.00341EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/11/17 12:0 a.m.5 views

Solidus 跨站请求伪造漏洞

Solidus is an open source e-commerce system. A cross-site request forgery vulnerability exists in Solidus Solidusauthdevise, which stems from a lack of CSRF authentication in the product. An attacker could send an unintended request to the server through this vulnerability...

9.3CVSS5.5AI score0.00609EPSS
Exploits1References3
OSV
OSV
added 2021/08/16 11:15 a.m.1 views

CVE-2021-24536

The Custom Login Redirect WordPress plugin through 1.0.0 does not have CSRF check in place when saving its settings, and do not sanitise or escape user input before outputting them back in the page, leading to a Stored Cross-Site Scripting issue...

6.1CVSS5.8AI score0.00412EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/05/20 12:0 a.m.6 views

Opennms Group OpenNMS 跨站请求伪造漏洞

Opennms Group OpenNMS is an open source, enterprise-grade network monitoring and network management platform from the US-based OpenNMS Group Opennms Group. A security vulnerability exists in OpenNMS Horizon that stems from the lack of CSRF protection and failure to validate existing usernames whe...

4.3CVSS5.1AI score0.00633EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/03/15 12:0 a.m.4 views

Argo 跨站脚本漏洞

Argo is an open source container-native workflow engine. A security vulnerability exists in Argo that stems from a missing cross-site protection header that results in the browser's cross-site protection not being activated...

6.1CVSS6AI score0.0071EPSS
Exploits0References3
Rows per page
Query Builder