656 matches found
CVE-2018-25334 Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter
Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...
PT-2026-41560
Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...
[SECURITY] [DLA 4585-1] firewalld security update
Debian LTS Advisory DLA-4585-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson May 15, 2026 https://wiki.debian.org/LTS Package : firewalld Version : 0.9.3-2+deb11u1 CVE ID : CVE-2026-4948 Debian Bug : A flaw was found in firewalld where a local unprivileged us...
WordPress plugin Notify Odoo 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
GHSA-5WXP-QJGQ-FX6M FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment
Summary A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to missing server-side...
CVE-2026-45001 OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access
OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...
BIT-MONGODB-2026-6915 Flaw in the updateUser Command May Allow Unauthorized Configuration Change
An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...
EUVD-2025-209705
HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...
CVE-2025-31974
HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...
CVE-2025-31974 HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only
HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...
CVE-2025-31974
CVE-2025-31974 affects HCL BigFix Service Management (SM). The connected documents describe a vulnerability where the root filesystem is not mounted as read-only, which could allow unintended modifications to critical system components and potentially increase the risk of system compromise or una...
EUVD-2025-209687
HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...
CVE-2025-31957
HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...
BIT-JAVA-2023-21938
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...
CVE-2025-31957 HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability.
HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...
CVE-2025-31957
HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...
CVE-2025-31957 HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability.
HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...
CVE-2025-31957
Technical details for CVE-2025-31957 are not publicly available in the provided documents. The records reiterate a CSRF vulnerability in HHCL BigFix Service Management but do not specify affected versions, impact specifics, or remediation steps. Monitor for updates.
PT-2026-37630
HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...
HCL BigFix Service Management 跨站请求伪造漏洞
HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery attacks, which may lead to unauthoriz...