PT-2025-4305 · Deno · Deno
Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.1.2
Description: Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When a request with the Authorization header is sent to one domain and the response asks to redirect to a different...
CVE-2024-37774
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens...
CVE-2024-34446
Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state after a hard failure to create a tunnel, and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of...
OLX: CSRF in account configuration leads to complete account compromise
Hello. Although listed as out of scope, this vulnerability presents a serious risk that can compromise any account, and I hope you consider it as such. When updating a user in the configuration tab, there is no CSRF token to prevent other pages from updating the user. This allows any third-party site...