14 matches found
EUVD-2018-8289
Malware in sbrugna...
EUVD-2018-7439
Malware in sbrugna...
EUVD-2022-6562
Malicious code in bioql PyPI...
CVE-2025-43759
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows admin users of a virtual instance to add pages that are not in the...
CVE-2018-15203
An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/addpage allows a CSRF attack to add pages...
CVE-2012-1901
Multiple cross-site request forgery CSRF vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to 1 hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or 2 hijack the authentication of administrators for requests...
Fedora 37 : protobuf (2022-25f35ed634)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-25f35ed634 advisory. Selected notes from packaging changes and improvements: 3.19.6 fixes CVE-2022-3171 3.19.5 fixes CVE-2022-1941 License updated to SPDX Unnecessary...
PT-2024-10849 · WordPress · Wp Lead Plus X
Name of the Vulnerable Software and Affected Versions: WP Lead Plus X plugin for WordPress versions up to, and including, 0.99 Description: The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on several functions. This...
OPENSUSE-SU-2023:0004-1 Security update for multimon-ng
This update for multimon-ng fixes the following issues: - Update to new upstream release 1.2.0 Separated FLEX and FLEXNEXT. The former is identical to 1.1.9, while FLEXNEXT gained new features, as well as known regressions. See 168 Fix CVE-2020-36619 boo1206542 Several smaller POCSAG fixes. Fix f...
CVE-2018-16338
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic...
Ignited CMS Cross-Site Request Forgery Vulnerability
Ignited CMS is a content management system CMS. A cross-site request forgery vulnerability exists in Ignited CMS 2017-02-19 and prior versions. A remote attacker can exploit the vulnerability to add a page with the help of ign/index.php/admin/pages/addpage URL...
CVE-2018-15203
An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/addpage allows a CSRF attack to add pages...
CVE-2012-1901
Multiple cross-site request forgery CSRF vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to 1 hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or 2 hijack the authentication of administrators for requests...
tomcat host manager xss
Cross-site scripting XSS vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action...