100 matches found
CVE-2025-42616 CSRF vulnerability in CIRCL Vulnerability-Lookup
Some endpoints in vulnerability-lookup that modify application state (e.g. changing database entries, user data, configurations, or performing other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...
CVE-2025-63716
The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms, such as anti-CSRF tokens or same-origin verification, for critical endpoints...
CVE-2025-62797
FluxCP CSRF in the FluxCP-based website template for rAthena servers (PHP) allows state-changing POST requests to be executed via a logged-in user without per-request anti-CSRF tokens or robust Origin/Referer validation. An attacker luring a user to a malicious page can force actions on the user’...
EUVD-2022-6882
Malicious code in bioql PyPI...
EUVD-2024-3430
Malicious code in bioql PyPI...
CVE-2024-21629
Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called record_external_operation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...
Code Injection
github.com/cosmos/evm is vulnerable to Code Injection. The vulnerability is due to setting lower EVM call gas limits, which allows the precompile code to partially execute and then fail without reverting the state changes it has already made...
PT-2025-8918
Name of the Vulnerable Software and Affected Versions: WSO2 Enterprise Integrator version 6.6.0 Description: A Cross-Site Request Forgery (CSRF) issue exists in the management console due to the absence of CSRF token validation. This allows attackers to craft malicious requests that can trigger...
Zulip Information Disclosure Vulnerability
Zulip is a powerful open source group chat application from Zulip, Inc. It is used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations. Zulip suffers from an information disclosure vulnerability that stems from not properly limiting the scope of...
PT-2025-3160 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptible to Cross-Site Request Forgery (CSRF). State-changing actions in...
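The CSRF entries above (CVE-2025-42616, CVE-2025-63716, CVE-2025-62797, PT-2025-8918 and PT-2025-3160) describe three variants of the same defect: a state change reachable over GET, a state-changing endpoint with no per-request anti-CSRF token, and no Origin/Referer validation. The following is an added example, not code from vulnerability-lookup, Leads Manager Tool, FluxCP, WSO2 EI or TYPO3, that puts the vulnerable handler pattern beside a hardened one and replays constructed requests against both. The in-memory user table, the session dict, the host name `app.example.test` and the attacker host `evil.example.test` are assumptions made for the demonstration.

```python
"""Added example: CSRF-vulnerable vs. hardened state-changing handler.

Nothing here is taken from the listed projects; hosts, sessions and the
user table are constructed for illustration.
"""
import hmac
import secrets
from urllib.parse import urlsplit

STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
ALLOWED_HOSTS = {"app.example.test"}  # assumed canonical host of the app


def issue_csrf_token(session):
    """Mint a per-session secret, keep it server-side, and return it so the
    form template can embed it as a hidden field."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_allowed(headers, allowed_hosts):
    """Browsers attach Origin to cross-site form POSTs, so a foreign Origin is
    a cross-site submission. Referer is only a fallback; a request carrying
    neither header is refused (strict mode, fails closed)."""
    for header in ("Origin", "Referer"):
        value = headers.get(header)
        if value:
            return urlsplit(value).netloc in allowed_hosts
    return False


def csrf_check(method, headers, form, session, allowed_hosts=ALLOWED_HOSTS):
    """Return (ok, reason). Rejects each defect the advisories name: state
    change over GET, missing or mismatched token, unverified origin."""
    if method not in STATE_CHANGING_METHODS:
        return False, "state change must not be reachable via " + method
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    # compare_digest avoids leaking the token through timing differences
    if not expected or not supplied or not hmac.compare_digest(expected, supplied):
        return False, "missing or mismatched CSRF token"
    if not origin_allowed(headers, allowed_hosts):
        return False, "Origin/Referer not on the allowed host list"
    return True, "ok"


def delete_user_vulnerable(users, method, headers, form, session):
    """The pattern in the entries above: being logged in is the only check, so
    a GET triggered by an <img> tag on an attacker's page performs the action."""
    users.pop(form.get("user_id"), None)
    return "deleted"


def delete_user_hardened(users, method, headers, form, session):
    """Same action, gated by csrf_check before any state is touched."""
    ok, reason = csrf_check(method, headers, form, session)
    if not ok:
        return "rejected: " + reason
    users.pop(form.get("user_id"), None)
    return "deleted"


def run_demo():
    """Replay constructed requests; return {case: (handler result, user still present)}."""
    session = {"user": "alice"}                       # victim is logged in
    token = issue_csrf_token(session)
    lure_get_hdrs = {"Referer": "https://evil.example.test/lure.html"}  # <img> GET
    lure_post_hdrs = {"Origin": "https://evil.example.test"}            # auto-submitted form
    legit_hdrs = {"Origin": "https://app.example.test"}
    results = {}

    users = {"42": "bob"}
    results["vuln_get"] = (
        delete_user_vulnerable(users, "GET", lure_get_hdrs, {"user_id": "42"}, session),
        "42" in users)

    users = {"42": "bob"}
    results["hard_get"] = (
        delete_user_hardened(users, "GET", lure_get_hdrs, {"user_id": "42"}, session),
        "42" in users)

    results["hard_post_no_token"] = (
        delete_user_hardened(users, "POST", lure_post_hdrs, {"user_id": "42"}, session),
        "42" in users)

    # defence in depth: even a correct token is refused when the submission is cross-site
    results["hard_post_bad_origin"] = (
        delete_user_hardened(users, "POST", lure_post_hdrs,
                             {"user_id": "42", "csrf_token": token}, session),
        "42" in users)

    results["hard_post_legit"] = (
        delete_user_hardened(users, "POST", legit_hdrs,
                             {"user_id": "42", "csrf_token": token}, session),
        "42" in users)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(case, outcome)
```

The strict Origin/Referer rule is deliberate: a same-origin request that carries neither header (some privacy extensions strip Referer, and Origin is omitted on some same-origin GETs) is refused rather than assumed benign, because only state-changing methods reach that check and browsers do send Origin on cross-site POSTs. Frameworks that also set `SameSite` on the session cookie add a third, independent layer; none of the three replaces the others.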
CVE-2024-53867
Synapse (Matrix homeserver) Sliding Sync flaw affects versions 1.113.0rc1 through 1.120.0, leaking partial room state changes to users who left the room. Non-state events (e.g., messages) are not affected. The issue is fixed in 1.120.1. Affected CVE: CVE-2024-53867. No exploitation details are pr...
Element Synapse Security Vulnerability
Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse that stems from the Sliding Sync feature that may leak some room state changes to users who are no longer in the room...
A vulnerability in GigaDevice GD32 microcontrollers, such as the GD32F1x0, GD32F4xx and GD32F3x0 series, stems from insufficient access control mechanisms. This allows attackers to read data from RAM or modify its state.
A vulnerability in GigaDevice GD32 microcontrollers, such as the GD32F1x0, GD32F4xx and GD32F3x0 series, stems from deficiencies in access control. Exploiting this vulnerability could allow an attacker to read data from RAM or alter its state...
PT-2024-7338 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter
Name of the Vulnerable Software and Affected Versions: Cisco ATA 190 Series Analog Telephone Adapter affected versions not specified Description: The issue is related to a vulnerability in the web-based management interface of the Cisco ATA 190 Series Analog Telephone Adapter firmware. This...
SUSE CVE-2024-46708
In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneous 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect...
CVE-2024-46708
In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneous 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect...
UBUNTU-CVE-2024-46708
In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneous 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect...
CVE-2022-48910
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ensure we call ipv6_mc_down() at most once There are two reasons for addrconf_notify() to be called with NETDEV_DOWN: either the network device is actually going down, or IPv6 was disabled on the interface. If either of them...