110 matches found
PT-2025-15348
Name of the Vulnerable Software and Affected Versions: ClipboardService versions prior to 1 Description: The issue arises from improper handling of permissions or insufficient privileges in ClipboardService, allowing local attackers to access image files across multiple users. User interaction is...
PT-2025-14161 · Unknown · Google Seo Pressor Snippet
Name of the Vulnerable Software and Affected Versions: Google SEO Pressor Snippet versions n/a through 2.0. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions...
Open WebUI Cross-Site Request Forgery Vulnerability
Open WebUI is an extensible, feature-rich, user-friendly, open-source self-hosted WebUI. A cross-site request forgery vulnerability exists in Open WebUI version v0.3.8, which stems from the use of the GET method for sensitive operations and could lead to a cross-site request forger...
CVE-2025-24959 Environment Variable Injection for dotenv API in zx
zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for...
PT-2024-36275 · Eduardo Chiaro · Addweather
Name of the Vulnerable Software and Affected Versions: Eduardo Chiaro addWeather versions n/a through 2.5.1. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. Recommendations: For versions n/a through 2.5.1, consider implementing prop...
PT-2024-31666 · Intersafe +1 · Intersafe Webfilter +1
Name of the Vulnerable Software and Affected Versions: Alps System Integration products (affected versions not specified); InterSafe WebFilter (affected versions not specified). Description: A cross-site request forgery (CSRF) issue allows a remote unauthenticated attacker to hijack the authentication of...
Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38219)
Warehouse Inventory System is a warehouse inventory management system by Siamon Hasan, an individual developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the editproduct.php component not adequately verifying that a request comes from a trust...
Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38210)
Warehouse Inventory System is a warehouse inventory management system by Siamon Hasan, an individual developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the addproduct.php component not adequately verifying that a request comes from a truste...
Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37623)
Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. Kliqqi CMS v2.0.2 contains a cross-site request forgery vulnerability, which stems from /admin/domainmanagement.php?whitelistadd not adequately verifying that the request comes from a trusted user, an...
Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37618)
Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. Kliqqi CMS v2.0.2 contains a cross-site request forgery vulnerability, which stems from /admin/admingroup.php?mode=delete&groupid=3 not adequately verifying whether the request is from a trusted user, an...
Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37622)
Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. Kliqqi CMS v2.0.2 contains a cross-site request forgery vulnerability, which stems from /admin/domainmanagement.php?id=0&list=whitelist&remove=pligg.com not adequately verifying whether the request is from ...
Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37625)
Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. Kliqqi CMS v2.0.2 contains a cross-site request forgery vulnerability, which stems from /admin/submitpage.php not adequately verifying whether the request is from a trusted user. An attacker can use this...
Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37613)
Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. Kliqqi CMS v2.0.2 contains a cross-site request forgery vulnerability, which stems from /admin/adminbackup.php?dobackup=clearall not adequately verifying that the request is from a trusted user. An attacker...
Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37621)
Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. Kliqqi CMS v2.0.2 contains a cross-site request forgery vulnerability, which stems from /admin/adminwidgets.php?action=remove&widget=Statistics not adequately verifying whether the request is from a truste...
Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37617)
Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. Kliqqi CMS v2.0.2 contains a cross-site request forgery vulnerability, which stems from /admin/admineditor.php not adequately verifying whether the request is from a trusted user. An attacker can use this...
PT-2024-6290 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.84 Description: The issue is related to insufficient policy enforcement in Data Transfer, allowing a remote attacker to leak cross-origin data via a crafted HTML page if the user engages in specific ...
Warehouse Inventory System Security Vulnerability
Warehouse Inventory System is a warehouse inventory management system by Siamon Hasan, an individual developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System version v2.0, which stems from a failure of the categorie.php component to adequately validate whether a reques...
Kliqqi CMS Security Vulnerability
Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. Kliqqi CMS v2.0.2 contains a cross-site request forgery vulnerability, which stems from /admin/adminbackup.php?dobackup=database not adequately verifying that the request is from a trusted user. An attacker...
Warehouse Inventory System Security Vulnerability
Warehouse Inventory System is a warehouse inventory management system by Siamon Hasan, an individual developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the deleteuser.php component not adequately verifying that a request comes from a truste...
Kliqqi CMS Security Vulnerability
Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. Kliqqi CMS v2.0.2 contains a cross-site request forgery vulnerability, which stems from /admin/admineditor.php not adequately verifying whether the request is from a trusted user. An attacker can use this...