
56013 matches found

Vulnrichment
added 2025/10/30 9:47 p.m. | 6 views

CVE-2023-53688 Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context ...

CVSS 5.1 | AI score 5.9 | EPSS 0.00289
Exploits: 0 | References: 3
RedhatCVE
added 2025/10/30 2:13 p.m. | 4 views

CVE-2025-64138

A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...

CVSS 4.3 | AI score 6.7 | EPSS 0.0019
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/30 2:13 p.m. | 5 views

CVE-2025-64141

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVSS 4.3 | AI score 6.7 | EPSS 0.0019
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/30 9:16 a.m. | 5 views

CVE-2025-64226

Cross-Site Request Forgery (CSRF) vulnerability in colabrio Stockie Extra stockie-extra allows Cross Site Request Forgery. This issue affects Stockie Extra: from n/a through <= 1.2.11...

CVSS 4.3 | AI score 6.8 | EPSS 0.00117
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/30 9:16 a.m. | 5 views

CVE-2025-60075

Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS. This issue affects hpb seo plugin for WordPress: from n/a through <= 3.0.1...

CVSS 7.1 | AI score 6.9 | EPSS 0.00116
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/30 9:16 a.m. | 9 views

CVE-2025-64290

Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery. This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4...

CVSS 4.3 | AI score 6.8 | EPSS 0.00117
Exploits: 0 | References: 1
Veracode
added 2025/10/30 9:8 a.m. | 8 views

Server Side Request Forgery (SSRF)

Ghost is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs, which allows an attacker to send crafted requests to internal resources and potentially access sensitive information...

CVSS 6.5 | AI score 7 | EPSS 0.00483
Exploits: 1 | References: 7 | Affected Software: 1
EUVD
added 2025/10/30 12:31 a.m. | 6 views

EUVD-2025-36876

Drupal Currency allows Cross Site Request Forgery...

CVSS 6.5 | AI score 6.3 | EPSS 0.00121
Exploits: 0 | References: 2
Github Security Blog
added 2025/10/30 12:31 a.m. | 12 views

Drupal Currency allows Cross Site Request Forgery

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...

CVSS 6.5 | AI score 6.9 | EPSS 0.00121
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2025/10/30 12:31 a.m. | 2 views

GHSA-27FV-RPGJ-4C6M Drupal Currency allows Cross Site Request Forgery

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...

CVSS 6.5 | AI score 6.9 | EPSS 0.00121
Exploits: 0 | References: 2
NVD
added 2025/10/30 12:15 a.m. | 5 views

CVE-2025-10930

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...

CVSS 6.5 | EPSS 0.00121
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/30 12:12 a.m. | 14 views

CVE-2024-45161

A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and can result in exposure of data or unintended code execution...

CVSS 4.6 | AI score 7.2 | EPSS 0.00135
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/30 12:0 a.m. | 4 views

PT-2025-44399

Name of the Vulnerable Software and Affected Versions: Quick.Cart version 6.7; Quick.Cart affected versions not specified. Description: Quick.Cart is susceptible to Cross-Site Request Forgery in the product creation functionality. A malicious actor can create a specially crafted website that, when...

CVSS 5.1 | AI score 6.6 | EPSS 0.00193
Exploits: 0 | References: 5
CNNVD
added 2025/10/30 12:0 a.m. | 4 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.11.3 that stems from the Hypermap Replay...

CVSS 5.4 | AI score 6.1 | EPSS 0.00289
Exploits: 0 | References: 4
Positive Technologies
added 2025/10/30 12:0 a.m. | 6 views

PT-2025-44486

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.11.3. Description: The software is susceptible to cross-site scripting (XSS) and cross-site request forgery (CSRF) through the Hypermap Replay component. An attacker can submit crafted input that is not properly validat...

CVSS 5.4 | AI score 6.2 | EPSS 0.00289
Exploits: 0 | References: 5
Cvelist
added 2025/10/29 11:13 p.m. | 8 views

CVE-2025-10930 Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...

EPSS 0.00121
Exploits: 0 | References: 1
EUVD
added 2025/10/29 5:49 p.m. | 5 views

EUVD-2025-36690

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery (CSRF) vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...

CVSS 8.6 | AI score 6.3 | EPSS 0.00182
Exploits: 0 | References: 2
Snyk
added 2025/10/29 3:31 p.m. | 5 views

Cross-site Request Forgery (CSRF)

Overview: jp.ikedam.jenkins.plugins:extensible-choice-parameter is a plugin that adds "Extensible Choice" as a build parameter. You can select how to retrieve choices, including the way to share choices among all jobs. Affected versions of this package are vulnerable to Cross-site Request Forgery...

CVSS 5.4 | AI score 7.1 | EPSS 0.00236
Exploits: 0 | References: 2
Snyk
added 2025/10/29 3:31 p.m. | 4 views

Cross-site Request Forgery (CSRF)

Overview: org.jenkins-ci.plugins:windocks-start-container allows users to create running containers based on Images available on the WinDocks host. WinDocks is a port of Docker’s open source to Windows, and supports all editions of Windows 8, Windows 10, Windows Server 2012, and Windows Serv...

CVSS 6.9 | AI score 6.5 | EPSS 0.0019
Exploits: 0 | References: 2
Snyk
added 2025/10/29 3:31 p.m. | 5 views

Cross-site Request Forgery (CSRF)

Overview: org.jenkins-ci.plugins:themis is a Jenkins plugin to communicate with a Themis instance. It can send report files to be analyzed by Themis and send a refresh request for a project. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to a lack of...

CVSS 5.4 | AI score 6.6 | EPSS 0.00206
Exploits: 0 | References: 2