CVE-2026-53473 Migration-planner-ui-app: stored xss via javascript: url in agent credential link

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

CVE-2026-0241

Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...

CVE-2018-25337

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information o...

CVE-2026-0241 Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities

Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...

EUVD-2026-29495

Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-42286 Emlog: Cross-Site Request Forgery in Admin Functions

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

EUVD-2025-209554

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

PT-2026-25190

Cross-Site Request Forgery CSRF vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery.This issue affects Easy Table of Contents: from n/a through = 2.0.80...

CVE-2025-70899

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery CSRF protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage...

PT-2025-53320

SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious...

PT-2025-52220

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

CVE-2025-12716 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by creating wiki pages with...

PT-2025-41840

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP affected versions not specified Description A Cross-Site Request Forgery CSRF issue exists in SAP NetWeaver Application Server for ABAP. An authenticated attacker may be able to initiate transactions...

CVE-2025-57927

Cross-Site Request Forgery CSRF vulnerability in Stephanie Leary Dashboard Notepad dashboard-notepad allows Cross Site Request Forgery.This issue affects Dashboard Notepad: from n/a through = 1.42...

CVE-2025-57924 WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6...

CVE-2025-36041

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose...

ERPNext 跨站请求伪造漏洞

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a cross-site request forgery vulnerability that can be exploited by attackers to cause unauthorized operations...

PT-2025-12097 · Unknown · Automatic1111/Stable-Diffusion-Webui

Name of the Vulnerable Software and Affected Versions: automatic1111/stable-diffusion-webui version 1.10.0 Description: A Cross-Site WebSocket Hijacking CSWSH vulnerability allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability is due to a lack of...

WordPress Flexible Wishlist for WooCommerce plugin <= 1.2.26 - Cross-Site Request Forgery to Wishlist Creation/Modification vulnerability

Cross-Site Request Forgery to Wishlist Creation/Modification vulnerability discovered by Tim Coen in WordPress Plugin Flexible Wishlist for WooCommerce versions = 1.2.26...

IBM Sterling B2B Integrator 跨站请求伪造漏洞

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...