CVE-2025-42923

Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application...

CVE-2024-45258

The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design...

CVE-2024-45258

The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design...

microweber cross-site request forgery vulnerability (CNVD-2022-12800)

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site request forgery vulnerability exists in microweber because the product does...

firefly-iii Cross-site Request Forgery Vulnerability (CNVD-2022-19846)

firefly-iii is a free and open source personal finance software. firefly-iii suffers from a cross-site request forgery vulnerability, which originates when a WEB application does not sufficiently validate that a request is from a trusted user, and can be exploited by an attacker to send an...

firefly-iii 跨站请求伪造漏洞

firefly-iii is a free and open source personal finance software. firefly-iii suffers from a cross-site request forgery vulnerability, which originates when a WEB application does not sufficiently validate that a request is from a trusted user, and can be exploited by an attacker to send an...

Mattermost Server Cross-Site Request Forgery Vulnerability

Mattermost Server is the United States Mattermost company's set of open source messaging platform. A cross-site request forgery vulnerability exists in Mattermost Server, which stems from a WEB application that does not adequately validate whether a request is coming from a trusted user, and can ...

Cross-site Request Forgery Vulnerability in Multiple NETGEAR Products (CNVD-2021-59156)

NETGEAR JNR1010 and others are a wireless router from NETGEAR USA. A cross-site request forgery vulnerability exists in multiple NETGEAR products. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could use the...

Cross-site Request Forgery Vulnerability in Multiple NETGEAR Products (CNVD-2021-59162)

NETGEAR WAC505 and others are a wireless access point AP from NETGEAR, Inc. A cross-site request forgery vulnerability exists in several NETGEAR products. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could use the...

Squid Cross-Site Request Forgery Vulnerability

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A cross-site request forgery vulnerability exists in the HTTP request processing in Squid, which arises from a WEB...