Lucene search
K

656 matches found

Vulnrichment
Vulnrichment
added 2026/05/17 12:12 p.m.7 views

CVE-2018-25334 Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter

Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.11 views

PT-2026-41560

Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References4
Debian
Debian
added 2026/05/15 4:54 p.m.17 views

[SECURITY] [DLA 4585-1] firewalld security update

Debian LTS Advisory DLA-4585-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson May 15, 2026 https://wiki.debian.org/LTS Package : firewalld Version : 0.9.3-2+deb11u1 CVE ID : CVE-2026-4948 Debian Bug : A flaw was found in firewalld where a local unprivileged us...

5.5CVSS5.7AI score0.00118EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

WordPress plugin Notify Odoo 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 2:54 p.m.7 views

GHSA-5WXP-QJGQ-FX6M FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment

Summary A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to missing server-side...

7.6CVSS5.7AI score0.00268EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/11 4:46 p.m.8 views

CVE-2026-45001 OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access

OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...

7.1CVSS5.8AI score0.00218EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 8:50 a.m.5 views

BIT-MONGODB-2026-6915 Flaw in the updateUser Command May Allow Unauthorized Configuration Change

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...

6.3CVSS5.8AI score0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 9:31 p.m.9 views

EUVD-2025-209705

HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...

3.9CVSS5.8AI score0.00178EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 7:16 p.m.8 views

CVE-2025-31974

HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...

7.2CVSS0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 6:1 p.m.9 views

CVE-2025-31974 HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only

HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...

3.9CVSS5.8AI score0.00178EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 6:1 p.m.14 views

CVE-2025-31974

CVE-2025-31974 affects HCL BigFix Service Management (SM). The connected documents describe a vulnerability where the root filesystem is not mounted as read-only, which could allow unintended modifications to critical system components and potentially increase the risk of system compromise or una...

7.2CVSS5.8AI score0.00178EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/06 3:32 p.m.7 views

EUVD-2025-209687

HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

2.6CVSS5.8AI score0.00095EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 3:16 p.m.15 views

CVE-2025-31957

HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

5.7CVSS0.00095EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 2:43 p.m.7 views

BIT-JAVA-2023-21938

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

3.7CVSS6.8AI score0.01208EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/06 1:37 p.m.8 views

CVE-2025-31957 HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability.

HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

2.6CVSS5.8AI score0.00095EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 1:37 p.m.6 views

CVE-2025-31957

HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

2.6CVSS5.8AI score0.00095EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/06 1:37 p.m.32 views

CVE-2025-31957 HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability.

HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

2.6CVSS0.00095EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 1:37 p.m.11 views

CVE-2025-31957

Technical details for CVE-2025-31957 are not publicly available in the provided documents. The records reiterate a CSRF vulnerability in HHCL BigFix Service Management but do not specify affected versions, impact specifics, or remediation steps. Monitor for updates.

5.7CVSS5.8AI score0.00095EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-37630

HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

2.6CVSS5.8AI score0.00095EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.8 views

HCL BigFix Service Management 跨站请求伪造漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery attacks, which may lead to unauthoriz...

5.7CVSS5.7AI score0.00095EPSS
Exploits0References1
Rows per page
Query Builder