Source: Vulnrichment, added 2025/12/10 4:07 p.m.

CVE-2025-34410 1Panel CSRF in Change Username Functionality Allows Account Lockout

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...

CVSS 7.0 | AI score 6.4 | EPSS 0.00128
Exploits 0 | References 3
Source: RedhatCVE, added 2025/12/10 3:13 p.m.

CVE-2025-62734

Cross-Site Request Forgery (CSRF) vulnerability in M.Code Media Library Downloader (media-library-downloader) allows Cross Site Request Forgery. This issue affects Media Library Downloader: from n/a through <= 1.4.0...

CVSS 4.3 | AI score 5.9 | EPSS 0.00107
Exploits 0 | References 1
Source: RedhatCVE, added 2025/12/10 3:13 p.m.

CVE-2025-62739

Cross-Site Request Forgery (CSRF) vulnerability in SaifuMak Add Custom Codes (add-custom-codes) allows Cross Site Request Forgery. This issue affects Add Custom Codes: from n/a through <= 4.80...

CVSS 6.5 | AI score 6.9 | EPSS 0.00123
Exploits 0 | References 1
Source: RedhatCVE, added 2025/12/10 3:13 p.m.

CVE-2025-62102

Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case (dofollow-case-by-case) allows Cross Site Request Forgery. This issue affects DoFollow Case by Case: from n/a through <= 3.5.1...

CVSS 4.3 | AI score 6.9 | EPSS 0.00107
Exploits 0 | References 1
Source: RedhatCVE, added 2025/12/10 2:23 p.m.

CVE-2025-67591

Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Paywall (jnews-paywall) allows Cross Site Request Forgery. This issue affects JNews Paywall: from n/a through 12.0.1...

CVSS 4.3 | AI score 6.9 | EPSS 0.00098
Exploits 0 | References 1
Source: RedhatCVE, added 2025/12/10 2:23 p.m.

CVE-2025-67596

Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory (business-directory-plugin) allows Cross Site Request Forgery. This issue affects Business Directory: from n/a through <= 6.4.19...

CVSS 4.3 | AI score 6.9 | EPSS 0.00098
Exploits 0 | References 1
Source: RedhatCVE, added 2025/12/10 2:22 p.m.

CVE-2025-67473

Cross-Site Request Forgery (CSRF) vulnerability in codeworkweb CWW Companion (cww-companion) allows Cross Site Request Forgery. This issue affects CWW Companion: from n/a through <= 1.3.2...

CVSS 4.3 | AI score 6.9 | EPSS 0.00107
Exploits 0 | References 1
Source: NVD, added 2025/12/10 10:16 a.m.

CVE-2025-14390

The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version <= 5.0.4. This is due to missing or incorrect nonce validation on the videomerchantaddvideofile function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote...

CVSS 8.8 | EPSS 0.00376
Exploits 0 | References 2
Source: RedhatCVE, added 2025/12/10 1:35 a.m.

CVE-2025-65573

Cross-Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to cause a denial of service via the function handleinterfacePOSTandstatus...

CVSS 8.8 | AI score 6.7 | EPSS 0.00272
Exploits 1 | References 1
Source: Positive Technologies, added 2025/12/10 12:00 a.m.

PT-2025-50521

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

CVSS 8.6 | AI score 6.8 | EPSS 0.00224
Exploits 1 | References 6
Source: GitLab Advisory Database, added 2025/12/10 12:00 a.m.

1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...

CVSS 7.1 | AI score 7.0 | EPSS 0.00144
Exploits 0 | References 6 | Affected Software 1
Source: Positive Technologies, added 2025/12/10 12:00 a.m.

PT-2025-50559

TableProgressTracking is a MediaWiki extension to track progress against specific criteria. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...

CVSS 3.5 | AI score 6.7 | EPSS 0.00096
Exploits 0 | References 3
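The two 1Panel entries above (CVE-2025-34410 and the web port configuration advisory) name the same missing control: a state-changing endpoint that checks neither an anti-CSRF token nor the Origin/Referer header. The WordPress nonce entries and the TableProgressTracking REST entry are the same defect in other frameworks, and the remaining CSRF entries on this page (AllSky, the digital signage system, STVS ProVision, the Selea camera) follow the same pattern. The following is an added example written for this page, not 1Panel's code or any plugin's, showing what a gate that applies both defenses looks like. The allowed origin, the session cookie name, the X-CSRF-Token header, the secret and every request it is run against are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed deployment values (assumptions, not 1Panel's configuration):
# the origin the panel UI is served from and a per-deployment signing secret.
ALLOWED_ORIGINS = {"https://panel.example.internal"}
CSRF_SECRET = secrets.token_bytes(32)

# Methods that change state and therefore need CSRF protection.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str, secret: bytes = CSRF_SECRET) -> str:
    """Derive the anti-CSRF token for a session as HMAC-SHA256(secret, session id).

    An attacker's page cannot read the victim's session cookie or this token,
    so a forged cross-site request cannot carry a valid one."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def request_origin(headers: Dict[str, str]) -> Optional[str]:
    """Return scheme://host[:port] of the request's source from the Origin header,
    falling back to Referer; None if the browser sent neither."""
    origin = headers.get("origin")
    if origin and origin != "null":
        return origin.rstrip("/").lower()
    referer = headers.get("referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}".lower()
    return None


def csrf_check(method: str, headers: Dict[str, str], cookies: Dict[str, str],
               secret: bytes = CSRF_SECRET) -> Tuple[bool, str]:
    """Gate a state-changing request on BOTH defenses the advisories name:

    1. Origin/Referer must match an allowed origin; a request with neither
       header is rejected (fail closed) rather than waved through.
    2. The X-CSRF-Token header must equal the token derived from the session
       cookie, compared in constant time.
    Returns (allowed, reason)."""
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    origin = request_origin(headers)
    if origin is None:
        return False, "missing Origin and Referer"
    if origin not in ALLOWED_ORIGINS:
        return False, f"cross-site origin {origin}"
    session_id = cookies.get("session")
    if not session_id:
        return False, "no session cookie"
    expected = issue_csrf_token(session_id, secret)
    supplied = headers.get("x-csrf-token", "")
    if not hmac.compare_digest(expected, supplied):
        return False, "bad or missing CSRF token"
    return True, "ok"


def demo_csrf() -> Dict[str, Tuple[bool, str]]:
    """Run the gate over constructed requests to a hypothetical username-change endpoint."""
    session = "victim-session-id"      # value of the victim's session cookie (constructed)
    cookies = {"session": session}     # the browser attaches this to every request
    requests = {
        # Classic CSRF: an auto-submitted form on attacker.example. The cookie is
        # attached, but Origin is the attacker's site and no token is present.
        "forged": ("POST", {"origin": "https://attacker.example"}, cookies),
        # Attacker suppresses Origin/Referer (e.g. a no-referrer policy):
        # still rejected, because the absence of both headers fails closed.
        "forged_no_origin": ("POST", {}, cookies),
        # Same-origin request carrying a token minted for a different session:
        # rejected, because the token is bound to the session cookie.
        "wrong_session_token": ("POST", {"origin": "https://panel.example.internal",
                                         "x-csrf-token": issue_csrf_token("other-session")},
                                cookies),
        # Legitimate request from the panel's own front end.
        "legit": ("POST", {"origin": "https://panel.example.internal",
                           "x-csrf-token": issue_csrf_token(session)}, cookies),
        # Read-only request: not gated.
        "read": ("GET", {"origin": "https://attacker.example"}, cookies),
    }
    return {name: csrf_check(*req) for name, req in requests.items()}
```

Both checks are kept because each covers the other's weak spot: the Origin/Referer check alone must fail closed when a browser sends neither header (older clients and some referrer policies strip them), and the token check alone does not help if a same-site page can be coerced into sending a token. SameSite cookies are a worthwhile third layer but not a replacement for either.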
Source: RedHat Linux, added 2025/12/09 10:26 p.m.

python-kdcproxy: Unauthenticated SSRF via Realm-Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

CVSS 8.6 | AI score 5.9 | EPSS 0.00397
Exploits 0 | References 5
Source: NVD, added 2025/12/09 10:16 p.m.

CVE-2025-67494

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...

CVSS 9.3 | EPSS 0.00452
Exploits 2 | References 2
Source: OSV, added 2025/12/09 10:16 p.m.

CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

CVSS 7.5 | AI score 5.8 | EPSS 0.00381
Exploits 1 | References 2
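The fetch-mcp entry above describes a private-IP check that could be bypassed. Such checks usually fail in one of four ways: they compare strings instead of parsed addresses (so 127.1, 2130706433 or 0x7f000001 slip past a check for 127.0.0.1), they ignore IPv4-mapped IPv6 (::ffff:127.0.0.1), they check only the first DNS record, or they validate the hostname and then let the HTTP client resolve it again (DNS rebinding). The following is an added example written for this page, not fetch-mcp's code, showing a validation that closes all four; the fake resolver and its records are constructed so that the block runs offline, and real code would plug in socket.getaddrinfo via the system_resolve function.

```python
import ipaddress
import socket
from typing import Callable, List, Optional, Tuple, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed DNS data for the offline demo (assumption, not real records).
FAKE_DNS = {
    "api.example.com": ["8.8.8.8"],                     # a global address
    "localhost": ["127.0.0.1"],
    "metadata.attacker.example": ["169.254.169.254"],   # cloud metadata service
    "dual.attacker.example": ["8.8.8.8", "10.0.0.5"],   # one public record, one internal
    "v6.attacker.example": ["::ffff:127.0.0.1"],        # IPv4-mapped loopback
}


def fake_resolve(host: str) -> List[str]:
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed resolver has no entry for {host}")
    return FAKE_DNS[host]


def system_resolve(host: str) -> List[str]:
    """Resolver for real use: every A and AAAA record, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def parse_ip_literal(host: str) -> Optional[IPAddress]:
    """Parse an IP literal, including the shorthand IPv4 spellings
    ('127.1', '2130706433', '0x7f000001') that ipaddress rejects but
    inet_aton, and therefore most HTTP clients, accept. A string check
    against '127.0.0.1' misses exactly these forms."""
    h = host.strip("[]")
    try:
        return ipaddress.ip_address(h)
    except ValueError:
        pass
    try:
        return ipaddress.IPv4Address(socket.inet_aton(h))
    except OSError:
        return None  # not an IP literal at all: treat as a hostname


def is_internal(ip: IPAddress) -> bool:
    """Classify one address. IPv4-mapped IPv6 is unwrapped first so that
    ::ffff:127.0.0.1 is judged as 127.0.0.1."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (not ip.is_global) or ip.is_multicast or ip.is_reserved


def is_internal_target(host: str,
                       resolve: Callable[[str], List[str]] = fake_resolve) -> bool:
    """True if host is an internal literal or resolves to ANY internal address.
    Checking every record defeats a name that publishes one public and one
    private record."""
    literal = parse_ip_literal(host)
    if literal is not None:
        return is_internal(literal)
    return any(is_internal(ipaddress.ip_address(a)) for a in resolve(host))


def pin_target(url: str,
               resolve: Callable[[str], List[str]] = fake_resolve) -> Tuple[str, int]:
    """Validate a fetch URL and return the (ip, port) to connect to. Connecting
    to the validated address, with the hostname only in the Host header and SNI,
    closes the DNS-rebinding window between check and use. Raises ValueError
    for anything that must not be fetched; every redirect hop needs the same call."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported URL: {url}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    literal = parse_ip_literal(parts.hostname)
    candidates = ([literal] if literal is not None
                  else [ipaddress.ip_address(a) for a in resolve(parts.hostname)])
    if any(is_internal(ip) for ip in candidates):
        raise ValueError(f"refusing internal target for {url}")
    ip = candidates[0]
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return str(ip), port
```

The python-kdcproxy entry above is the same class of bug with DNS SRV as the lookup step: whatever the SRV record points at has to pass the same per-address validation before a connection is opened, and the simpler fix is to attempt discovery only for realms that are explicitly configured.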
Source: CVE, added 2025/12/09 10:07 p.m.

CVE-2025-67494

ZITADEL (open-source identity infrastructure) versions 4.7.0 and earlier are vulnerable to an unauthenticated full-read SSRF via the V2 Login UI. The vulnerability arises because the x-zitadel-forward-host header is treated as a trusted fallback for all deployments, enabling an attacker to force ...

CVSS 9.3 | AI score 6.6 | EPSS 0.00452
Exploits 2 | References 2 | Affected Software 1
Source: Cvelist, added 2025/12/09 10:07 p.m.

CVE-2025-67494 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...

CVSS 9.3 | EPSS 0.00452
Exploits 2 | References 2
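The three CVE-2025-67494 entries above describe a request header that any client can set being used as a fallback for the instance's own host. The general rule for any forwarded-host style header is that it is only meaningful when the request provably came from a proxy that sets it, and even then only for values the operator has listed; a self-hosted instance with a single external domain should never take the value from the wire. The following is an added example written for this page, not ZITADEL's code or its fix, illustrating that rule; the HostPolicy class, the trusted proxy range, the allowlist and the requests are constructed assumptions, and only the header name is taken from the advisories.

```python
import ipaddress
import re
from typing import Dict, Iterable, Tuple

# Hostname[:port] syntax accepted in the forwarded header (constructed policy).
HOST_RE = re.compile(r"^[a-z0-9.-]+(:[0-9]{1,5})?$")


class HostPolicy:
    """Decides which host the login UI may use when building redirect and
    fetch URLs. Constructed for this page; not ZITADEL's implementation."""

    def __init__(self, external_domain: str,
                 trusted_proxies: Iterable[str] = (),
                 allowed_forward_hosts: Iterable[str] = ()):
        self.external_domain = external_domain.lower()
        self.trusted_proxies = [ipaddress.ip_network(n) for n in trusted_proxies]
        self.allowed_forward_hosts = {h.lower() for h in allowed_forward_hosts}

    def from_trusted_proxy(self, peer_ip: str) -> bool:
        ip = ipaddress.ip_address(peer_ip)
        return any(ip in net for net in self.trusted_proxies)

    def effective_host(self, headers: Dict[str, str], peer_ip: str) -> Tuple[str, str]:
        """Return (host, reason). The forwarded-host header is honoured only when
        the request came from a trusted proxy AND its value is explicitly
        allowlisted; in every other case the configured external domain wins and
        the header is ignored rather than used as a fallback."""
        forwarded = headers.get("x-zitadel-forward-host", "").strip().lower()
        if not forwarded:
            return self.external_domain, "no header"
        if not self.from_trusted_proxy(peer_ip):
            return self.external_domain, "header from untrusted peer ignored"
        if not HOST_RE.match(forwarded):
            return self.external_domain, "malformed header ignored"
        if forwarded not in self.allowed_forward_hosts:
            return self.external_domain, "unlisted host ignored"
        return forwarded, "trusted proxy and allowlisted host"


def demo_forward_host() -> Dict[str, Tuple[str, str]]:
    """Constructed requests against a self-hosted instance whose external domain
    is login.example.com, fronted by a reverse proxy in 10.0.0.0/24."""
    policy = HostPolicy("login.example.com",
                        trusted_proxies=["10.0.0.0/24"],
                        allowed_forward_hosts=["login.example.com", "sso.example.com"])
    evil = {"x-zitadel-forward-host": "attacker.example"}
    return {
        # Unauthenticated Internet client supplying the header directly.
        "direct_attacker": policy.effective_host(evil, "198.51.100.7"),
        # Same header arriving through the trusted proxy: still not allowlisted.
        "via_proxy_unlisted": policy.effective_host(evil, "10.0.0.5"),
        # Legitimate multi-host setup: the proxy forwards an allowlisted host.
        "via_proxy_listed": policy.effective_host(
            {"x-zitadel-forward-host": "SSO.example.com"}, "10.0.0.5"),
        # Header carries a path, which no hostname may contain.
        "malformed": policy.effective_host(
            {"x-zitadel-forward-host": "attacker.example/x"}, "10.0.0.5"),
        "no_header": policy.effective_host({}, "198.51.100.7"),
    }
```

The peer-address check matters as much as the allowlist: if the instance is reachable directly (a common self-hosted layout), an attacker can send the header without any proxy in the path, so the header must not be trusted on the basis of its presence alone.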
Source: NVD, added 2025/12/09 9:15 p.m.

CVE-2021-47723

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can lure victims to malicious web sites that trigger the forged request, allowing them to create new admin users...

CVSS 8.8 | EPSS 0.00164
Exploits 0 | References 4
Source: CVE, added 2025/12/09 8:46 p.m.

CVE-2021-47730

CVE-2021-47730 affects the Selea Targa IP OCR-ANPR Camera and is a cross-site request forgery that allows an attacker to create an admin user without authentication. The provided documents state that a malicious page can submit a form to add a new administrator with full system privileges when a logg...

CVSS 8.8 | AI score 6.4 | EPSS 0.00213
Exploits 1 | References 5 | Affected Software 1
Source: Vulnrichment, added 2025/12/09 8:41 p.m.

CVE-2021-47723 STVS ProVision Cross-Site Request Forgery (Add Admin)

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can lure victims to malicious web sites that trigger the forged request, allowing them to create new admin users...

CVSS 6.9 | AI score 6.5 | EPSS 0.00164
Exploits 0 | References 4