24 matches found
PT-2026-48789
Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote...
PT-2026-34780
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.28. Description: An agentic consent bypass allows LLM agents to silently disable execution approval. Remote attackers can exploit this by using the config.patch parameter to bypass security controls and execute...
CVE-2025-70146
CVE-2025-70146 affects ProjectWorlds Online Time Table Generator 1.0. Multiple administrative action scripts under /admin/ lack authentication, enabling remote attackers to perform unauthorized admin operations (e.g., add/delete records) via direct HTTP requests without a valid session. The vulne...
CVE-2025-70146
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g., adding records, deleting records) via direct HTTP requests to affected endpoints without a...
CVE-2025-33099
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation...
CVE-2023-30467
This vulnerability exists in Milesight 4K/H.265 Series NVR models MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC, due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially...
SUSE CVE-2004-0494
Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI...
SAP Manufacturing Integration and Intelligence Cross-Site Request Forgery Vulnerability
SAP Manufacturing Integration and Intelligence (MII, xMII) is a platform from SAP of Germany for integrating core manufacturing systems with enterprise processes. The system supports the creation of manufacturing engineering, manufacturing execution and enterprise workflow...
HPE 3PAR Service Processor Cross-Site Request Forgery Vulnerability
HPE 3PAR Service Processor (SP) is a suite of virtual service processors deployed on the VMware vSphere hypervisor from Hewlett Packard Enterprise (HPE), USA. A cross-site request forgery vulnerability exists in versions prior to HPE 3PAR SP SP-4.4.0.GA-110 MU7. A remote attacker could exploit this...
CVE-2018-11636
Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions...
Synology Photo Station Cross-Site Request Forgery Vulnerability
Synology Photo Station is a Synology solution for sharing pictures, videos and blogs over the Internet. A cross-site request forgery vulnerability exists in the admin/user.php file in Synology Photo Station versions prior to 6.8.5-3471 and prior to 6.3-2975. A remote attacker can exploit the...
Cisco Linksys EA4500 Cross-Site Request Forgery Vulnerability
The Cisco Linksys EA4500 is a router device from Cisco, USA. A cross-site request forgery vulnerability exists in Cisco Linksys EA4500 devices using firmware versions prior to 2.1.41.164606. A remote attacker could exploit this vulnerability to perform unauthorized operations...
Micro Focus Project and Portfolio Management Center Cross-Site Request Forgery Vulnerability
Micro Focus Project and Portfolio Management Center is a suite of project portfolio management software from Micro Focus, UK. The software manages hybrid projects by integrating agile tools such as ALM Octane, Agile Manager and CA Rally. A cross-site request forgery vulnerability exists in Micro...
phpMyFAQ cross-site request forgery vulnerability (CNVD-2017-32428)
phpMyFAQ is an open source, fully database-driven FAQ (question and answer) system developed by the phpMyFAQ team. The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...
Multiple Cross-Site Request Forgery Vulnerabilities in D-Link DVG-5402SP VoIP Router
The D-Link DVG-5402SP VoIP is a wireless router product from AUO D-Link. The D-Link DVG-5402SP VoIP router suffers from multiple cross-site request forgery vulnerabilities that can be exploited by remote attackers to perform unauthorized operations...
IBM InfoSphere Master Data Management Cross-Site Request Forgery Vulnerability (CNVD-2017-21238)
IBM InfoSphere Master Data Management (MDM) is a solution from IBM, USA that helps organizations manage enterprise-wide master data information about customers, suppliers, products, and accounts. The solution supports the centralization of multiple data domains through three master data usage styles:...
NetComm Wireless 4GT101W Router Cross-Site Request Forgery Vulnerability
The NetComm Wireless 4GT101W is a wireless router product from NetComm Wireless, Australia. A cross-site request forgery vulnerability exists in NetComm Wireless 4GT101W routers running hardware version 0.01/software version V1.1.8.8/bootloader version 1.1.3. A remote attacker could exploit th...
Lenovo Service Bridge Cross-Site Request Forgery Vulnerability
Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of your device. A cross-site request forgery vulnerability exists in versions prior to Lenovo Service Bridge 4. A remote attacker could exploit this...
Fastspot BigTree CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-03388)
Fastspot BigTree CMS is an open source content management system (CMS) based on PHP and MySQL from Fastspot, USA. A cross-site request forgery vulnerability exists in Fastspot BigTree CMS version 4.1.18. A remote attacker can exploit this vulnerability to perform unauthorized operation...
HPE Version Control Repository Manager Cross-Site Request Forgery Vulnerability
HPE Version Control Repository Manager (VCRM) is a repository for storing software and firmware that supports ProLiant servers from Hewlett Packard Enterprise (HPE), USA. A cross-site request forgery vulnerability exists in HPE Version Control Repository Manager (VCRM) versions prior to 7.6. A remote...