56000 matches found

NVD
added 2025/12/02 10:16 a.m., 5 views

CVE-2025-13871

Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows uploading files on behalf of the connected users and then accessing such files without authentication...

CVSS 8.8, EPSS 0.00158
Exploits: 0, References: 1

OSV
added 2025/12/02 10:16 a.m., 2 views

CVE-2025-13871

Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows uploading files on behalf of the connected users and then accessing such files without authentication...

CVSS 8.8, AI score 5.8, EPSS 0.00158
Exploits: 0, References: 1

OSV
added 2025/12/02 10:16 a.m., 4 views

CVE-2025-13872

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...

CVSS 9.1, AI score 5.9, EPSS 0.00257
Exploits: 0, References: 1

Vulnrichment
added 2025/12/02 9:51 a.m., 9 views

CVE-2025-13872 Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...

CVSS 2.1, AI score 6.6, EPSS 0.00257
Exploits: 0, References: 1

EUVD
added 2025/12/02 9:51 a.m., 3 views

EUVD-2025-200216

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...

CVSS 2.1, AI score 6.5, EPSS 0.00257
Exploits: 0, References: 2

EUVD
added 2025/12/02 9:42 a.m., 7 views

EUVD-2025-200217

Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows uploading files on behalf of the connected users and then accessing such files without authentication...

CVSS 2.3, AI score 6.5, EPSS 0.00158
Exploits: 0, References: 2

CVE
added 2025/12/02 6:40 a.m., 10 views

CVE-2025-13140

CVE-2025-13140 affects the SurveyJS: Drag & Drop Form Builder WordPress plugin. It is a CSRF vulnerability caused by missing nonce validation on the SurveyJS_DeleteSurvey AJAX action, allowing unauthenticated attackers to delete surveys via forged requests if a site admin is tricked. Impact is de...

CVSS 4.3, AI score 5, EPSS 0.00126
Exploits: 0, References: 3

Cvelist
added 2025/12/02 4:37 a.m., 8 views

CVE-2025-13606 Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

CVSS 6.5, EPSS 0.00133
Exploits: 0, References: 2

Vulnrichment
added 2025/12/02 4:37 a.m., 2 views

CVE-2025-13606 Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

CVSS 6.5, AI score 4.8, EPSS 0.00133
Exploits: 0, References: 2

CVE
added 2025/12/02 4:37 a.m., 16 views

CVE-2025-13606

The WordPress plugin WP Ultimate Exporter (Export All Posts, Products, Orders, Refunds & Users) is affected by Cross‑Site Request Forgery up to version 2.19 due to missing or incorrect nonce validation in parseData, enabling unauthenticated attackers to exfiltrate sensitive data (including user d...

CVSS 6.5, AI score 4.9, EPSS 0.00133
Exploits: 0, References: 2

EUVD
added 2025/12/02 4:37 a.m., 4 views

EUVD-2025-200180

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

CVSS 6.5, AI score 4.8, EPSS 0.00133
Exploits: 0, References: 3

RedhatCVE
added 2025/12/02 12:19 a.m., 10 views

CVE-2025-65836

PublicCMS V5.202506.b is vulnerable to SSRF in the chat interface of SimpleAiAdminController...

CVSS 9.1, AI score 6.9, EPSS 0.00288
Exploits: 1, References: 1

Positive Technologies
added 2025/12/02 12:0 a.m., 3 views

PT-2025-48659

Name of the Vulnerable Software and Affected Versions: ObjectPlanet Opinio versions 7.26 rev12562
Description: A flaw exists in the survey-import feature that allows an attacker to force the server to make HTTP GET requests to an arbitrary destination through crafted import requests. This is a Blin...

CVSS 9.1, AI score 6.5, EPSS 0.00257
Exploits: 0, References: 5

Exploit DB
added 2025/12/02 12:0 a.m., 170 views

YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)

Exploit Title: YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
Date: 2025-11-25
Exploit Author: CodeSecLab
Vendor Homepage: https://github.com/yourls/yourls/
Software Link: https://github.com/yourls/yourls/
Version: 1.8.2
Tested on: Windows
CVE: CVE-2022-0088
Proof Of Concept CSRF PoC CSRF Proof ...

CVSS 7.4, AI score 7, EPSS 0.01994
Exploits: 5

Vulnrichment
added 2025/12/01 10:25 p.m., 3 views

CVE-2025-66405 Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch...

CVSS 6.9, AI score 6.3, EPSS 0.00323
Exploits: 0, References: 3

OSV
added 2025/12/01 4:15 p.m., 4 views

CVE-2024-53684

A cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability...

CVSS 8.8, AI score 5.7, EPSS 0.00192
Exploits: 0, References: 3

EUVD
added 2025/12/01 3:25 p.m., 5 views

EUVD-2024-55107

A cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability...

CVSS 7.5, AI score 6.4, EPSS 0.00192
Exploits: 0, References: 4

NVD
added 2025/12/01 12:15 p.m., 3 views

CVE-2025-13296

Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery. This issue affects T-Soft E-Commerce: through 28112025...

CVSS 5.4, EPSS 0.00099
Exploits: 0, References: 2

Cvelist
added 2025/12/01 11:51 a.m., 8 views

CVE-2025-13296 CSRF in Tekrom Technology's T-Soft E-Commerce

Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery. This issue affects T-Soft E-Commerce: through 28112025...

CVSS 5.4, EPSS 0.00099
Exploits: 0, References: 2

EUVD
added 2025/12/01 11:51 a.m., 3 views

EUVD-2025-199984

Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery. This issue affects T-Soft E-Commerce: through 28112025...

CVSS 5.4, AI score 6.4, EPSS 0.00099
Exploits: 0, References: 2