Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
Impact Applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected configurations, a malicious request can trigger a request-body handling deadlock that leaves connections ope...
CVE-2025-34041
An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response EDR management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interfac...
CVE-2021-21731
A CSRF vulnerability exists in the management page of a ZTE product. The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects:...
PT-2024-25695 · Minder · Minder
Name of the Vulnerable Software and Affected Versions: Minder versions prior to 0.0.48 Description: Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is...
Gitea Input Validation Error Vulnerability
Gitea is a lightweight Go-based git service developed by the Gitea community. Gitea is vulnerable to an input validation error that stems from the product's failure to determine that a request originated from a trusted user, which could be exploited to send an unintended request to the server...
Team Password Manager Cross-Site Request Forgery Vulnerability
Team Password Manager is a web-based team password manager. Team Password Manager suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could use this vulnerability to...
WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Fileviewer that stems from the WEB application not...
VMware vRealize Operations Code Issue Vulnerability
VMware vRealize Operations is an application from VMware, Inc. It is a unified, AI-based platform for private, hybrid, and multi-cloud environments that delivers IT operations management on autopilot. A code issue vulnerability exists in VMware vRealize Operations that stems from the product...
IBM API Connect Cross-Site Request Forgery Vulnerability (CNVD-2021-09301)
IBM API Connect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing and securing APIs, microservices and more. IBM API Connect suffers from a cross-site request forgery vulnerability, which arises from a WEB...
CloudBees Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2020-55183)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled task executions. A cross-site request forgery...
IBM Maximo Asset Management Cross-Site Request Forgery Vulnerability (CNVD-2020-52459)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. IBM Maximo Asse...
BlueOnyx 5209R Cross-Site Request Forgery Vulnerability
BlueOnyx 5209R is an open source web hosting solution. The product includes email, DNS and file transfer services, among others. A cross-site request forgery vulnerability exists in the /login URI in BlueOnyx 5209R. The vulnerability stems from a WEB application that does not adequately validate...
Fortinet FortiSIEM Cross-Site Request Forgery Vulnerability
Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fortinet. The system includes features such as asset discovery, workflow automation and unified management. A cross-site request forgery vulnerability exists in the user interface in...
IceHrm Cross-Site Request Forgery Vulnerability (CNVD-2020-10603)
IceHrm is a human resource management (HRM) system. The system includes features such as employee management, leave management and payroll management. A cross-site request forgery vulnerability exists in IceHrm version 26.2.0. The vulnerability stems from the WEB application not adequately verifyin...
School Management Software PHP/mySQL CSRF Vulnerability
School Management Software PHP/mySQL is a WEB school ERP management program. A cross-site request forgery vulnerability exists in School Management Software PHP/mySQL 2019-03-14 and prior versions. The vulnerability stems from the WEB application not adequately verifying that requests are coming...
Dell RSA Authentication Manager Cross-Site Request Forgery Vulnerability
Dell RSA Authentication Manager is a centralized suite of two-factor authentication software from Dell, Inc. The software centralizes the management of identities, security tokens, authentication methods and users across physical sites. A cross-site request forgery vulnerability exists in Dell RSA...
DAViCal Cross-Site Request Forgery Vulnerability
DAViCal is a calendar sharing server that is an implementation of the CalDAV protocol. A cross-site request forgery vulnerability exists in DAViCal 1.1.8 and earlier versions. The vulnerability stems from a WEB application that does not adequately validate that a request is coming from a trusted...
WordPress kiwi-logo-carousel plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. kiwi-logo-carousel is a rotating effect plugin used in it. A cross-site request forgery vulnerability exists in WordPress kiwi-logo-carousel plugin...
WordPress alo-easymail plugin has an unspecified vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. alo-easymail is a multilingual newsletter subscription plugin used in it. A cross-site request forgery...
WordPress companion-sitemap-generator plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. companion-sitemap-generator is a sitemap plugin used in it. A cross-site request forgery vulnerability exists in the WordPress...