56013 matches found
CVE-2023-53688 Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context ...
CVE-2025-64138
A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2025-64141
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2025-64226
Cross-Site Request Forgery (CSRF) vulnerability in colabrio Stockie Extra stockie-extra allows Cross Site Request Forgery. This issue affects Stockie Extra: from n/a through = 1.2.11...
CVE-2025-60075
Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS. This issue affects hpb seo plugin for WordPress: from n/a through = 3.0.1...
CVE-2025-64290
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery. This issue affects Premmerce Product Search for WooCommerce: from n/a through = 2.2.4...
Server Side Request Forgery (SSRF)
Ghost is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs, which allows an attacker to send crafted requests to internal resources and potentially access sensitive information...
EUVD-2025-36876
Drupal Currency allows Cross Site Request Forgery...
Drupal Currency allows Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...
GHSA-27FV-RPGJ-4C6M Drupal Currency allows Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...
CVE-2025-10930
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...
CVE-2024-45161
A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and can result in exposure of data or unintended code execution...
PT-2025-44399
Name of the Vulnerable Software and Affected Versions: Quick.Cart version 6.7; Quick.Cart (affected versions not specified). Description: Quick.Cart is susceptible to Cross-Site Request Forgery in the product creation functionality. A malicious actor can create a specially crafted website that, when...
Nagios XI security vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.11.3 that stems from the Hypermap Replay...
PT-2025-44486
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.11.3. Description: The software is susceptible to cross-site scripting (XSS) and cross-site request forgery (CSRF) through the Hypermap Replay component. An attacker can submit crafted input that is not properly validat...
CVE-2025-10930 Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...
EUVD-2025-36690
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery (CSRF) vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...
Cross-site Request Forgery (CSRF)
Overview: jp.ikedam.jenkins.plugins:extensible-choice-parameter is a plugin that adds "Extensible Choice" as a build parameter. You can select how to retrieve choices, including the way to share choices among all jobs. Affected versions of this package are vulnerable to Cross-site Request Forgery...
Cross-site Request Forgery (CSRF)
Overview: org.jenkins-ci.plugins:windocks-start-container allows users to create running containers based on images available on the WinDocks host. WinDocks is a port of Docker's open source to Windows, and supports all editions of Windows 8, Windows 10, Windows Server 2012, and Windows Serv...
Cross-site Request Forgery (CSRF)
Overview: org.jenkins-ci.plugins:themis is a Jenkins plugin to communicate with a Themis instance. It can send report files to be analyzed by Themis and send a refresh request for a project. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to a lack of...