Cross-site Request Forgery (CSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the setPermission.json.php endpoint. An attacker can modify user group permissions and escalate privileges by tricking an...

CVE-2026-32839

Edimax GS-5008PL firmware 1.00.54 and earlier is impacted by a cross-site request forgery (CSRF) vulnerability. The issue stems from lack of anti-CSRF tokens and insufficient request validation, enabling remote attackers to coerce logged-in administrators into performing actions via malicious pag...

CVE-2025-59541

CVE-2025-59541 (Chamilo LMS) : Prior to 1.11.34, a CSRF vulnerability allows an authenticated trainer to delete projects within a course by visiting a malicious page, due to missing anti-CSRF protections and reliance on GET requests. The issue enables unauthorized project deletion with high impac...

EUVD-2025-206490

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

CVE-2020-7988

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...

EUVD-2018-3458

Malware in sbrugna...