40 matches found
CVE-2026-36960
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Router V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...
CVE-2026-36956
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...
Cross-Site Request Forgery (CSRF)
github.com/1panel-dev/1panel is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to missing CSRF protections such as anti-CSRF tokens or Origin/Referer validation, which allows an attacker to craft a malicious webpage that triggers unauthorized panel name changes when a...
CVE-2026-24432 Tenda W30E V2 Missing CSRF Protections for Administrative Actions
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests that, when triggered b...
CVE-2025-64760 Tuleap has missing CSRF protections in its tracker trigger management system
Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove track...
CVE-2025-63711
A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user deletion endpoint e.g.,...
SUSE CVE-2016-11071
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place...
The vulnerability of the Documino automation platform for electronic document processing lies in the lack of measures taken to protect the SQL query structure, allowing attackers to escalate their privileges.
The vulnerability of the Documino automation platform for electronic document processing lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow attackers to escalate their privileges by sending specially crafted SQL queries...
The vulnerability of the client creation function of the VideoGrace software allows a hacker to execute XSS attacks.
The vulnerability of the client creation function of the VideoGrace video conferencing software relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks remotely...
CVE-2024-5676
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the system...
CVE-2025-28062
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF protections...
The vulnerability in the firmware of Siemens Scalance LPE9403 industrial switches lies in the lack of measures to neutralize special elements, allowing attackers to execute arbitrary code.
The vulnerability in the firmware of Siemens Scalance LPE9403 industrial switches is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Cisco Identity Services Engine (ISE) web interface relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability in the web-based interface for managing software for network deployment and security management in HPE Aruba Networking Fabric Composer allows attackers to execute cross-site scripting attacks.
The vulnerability in the web-based interface for managing software for network deployment and security management in HPE Aruba Networking Fabric Composer is related to the lack of protective measures for the web page structure. Exploiting this vulnerability could allow a malicious actor to carry...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to perform cross-site scripting attacks.
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the web conference component of the MiCollab collaboration platform allows an attacker to perform cross-site scripting attacks.
The vulnerability of the web conference component of the MiCollab collaboration platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks...
CVE-2024-45172
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The C-MOR web interface offers no protection against cross-site request forgery (CSRF) attacks...
The vulnerability of the TinyMCE formatted text editor arises from the lack of measures taken to protect the structure of web pages. This allows attackers to perform cross-site scripting attacks.
The vulnerability of the TinyMCE formatted text editor exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability of the Bulletin Messages module in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Bulletin Messages module in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting...