Lucene search

47 matches found

CNNVD
added 2026/05/11 12:0 a.m. | 3 views

WWBN AVideo Security Vulnerability

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the plugin/CloneSite/cloneClient.json.php file displaying the local CloneSite shared key in unvalidate...

CVSS 7.5 | AI score 5.9 | EPSS 0.00041
Exploits: 0 | References: 1
Github Security Blog
added 2026/05/07 9:28 p.m. | 4 views

Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo

Summary: The fetchPeerConnectInfo function in internal/service/connect/connect.go:214-239 uses httpUtil.SendRequest (no SSRF protection) instead of SendSafeRequest (which has ValidatePublicHTTPURL with private IP blocking). This allows authenticated users to make the server request arbitrary URLs...

AI score 5.9
Exploits: 0 | References: 3 | Affected Software: 1
Redos
added 2026/05/07 12:0 a.m. | 7 views

ROS-20260507-73-0003

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

CVSS 5.3 | AI score 5.8 | EPSS 0.00015
Exploits: 0
Redos
added 2026/05/07 12:0 a.m. | 6 views

ROS-20260507-73-0002

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

CVSS 5.3 | AI score 5.8 | EPSS 0.00015
Exploits: 0
Redos
added 2026/05/07 12:0 a.m. | 6 views

ROS-20260507-73-0001

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

CVSS 5.3 | AI score 5.8 | EPSS 0.00015
Exploits: 0
Redos
added 2026/05/06 12:0 a.m. | 2 views

ROS-20260506-73-0004

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

CVSS 8.2 | AI score 5.8 | EPSS 0.00048
Exploits: 0
Redos
added 2026/04/30 12:0 a.m. | 3 views

ROS-20260430-73-1001

A vulnerability in algif_aead, the Linux kernel module implementing AEAD algorithms, is related to the lack of validation of received requests. Exploitation of the vulnerability could allow an attacker to escalate privileges...

CVSS 7.8 | AI score 5.6 | EPSS 0.02194
Exploits: 226
CNNVD
added 2026/04/01 12:0 a.m. | 1 views

WordPress plugin Order Notification for WooCommerce Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 9.1 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1
CNNVD
added 2026/03/26 12:0 a.m. | 5 views

Mattermost Plugins Security Vulnerability

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and web/dashboard applications. There are security vulnerabilities in versions prior to 11.4, 11.0.4, 11.1.3, 11.3.2, and 10.11.11.0. These...

CVSS 4.9 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 1
CNNVD
added 2026/02/25 12:0 a.m. | 4 views

GitLab CE/EE Security Vulnerability

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.7.5, 18.8.5, and 18.9.1 containe...

CVSS 7.5 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 3
EUVD
added 2025/12/11 10:33 p.m. | 4 views

EUVD-2025-202929

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups /api/prompts/groups/:groupId. However, the request bodies are not sufficiently validated for prop...

CVSS 5.3 | AI score 6.1 | EPSS 0.00097
Exploits: 1 | References: 2
Cvelist
added 2025/12/10 9:4 p.m. | 21 views

CVE-2020-36900 All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery via User Management

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

CVSS 8.6 | EPSS 0.00035
Exploits: 1 | References: 4
EUVD
added 2025/12/09 9:31 p.m. | 2 views

EUVD-2021-34725

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forged request, allowing them to create new admin users...

CVSS 6.9 | AI score 6.3 | EPSS 0.00023
Exploits: 0 | References: 5
OSV
added 2025/12/09 9:15 p.m. | 0 views

CVE-2021-47723

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forged request, allowing them to create new admin users...

CVSS 8.8 | AI score 5.7 | EPSS 0.00023
Exploits: 0 | References: 4
NVD
added 2025/12/09 9:15 p.m. | 2 views

CVE-2021-47723

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forged request, allowing them to create new admin users...

CVSS 8.8 | EPSS 0.00023
Exploits: 0 | References: 4
CVE
added 2025/12/09 8:41 p.m. | 9 views

CVE-2021-47723

CVE-2021-47723 — STVS ProVision 5.9.10 CSRF vulnerability: A cross-site request forgery issue allows an attacker to perform actions with administrative privileges by exploiting unvalidated HTTP requests. By convincing a user to visit a malicious site, an attacker can trigger forged requests and ...

CVSS 8.8 | AI score 6.5 | EPSS 0.00023
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2025/12/09 8:41 p.m. | 2 views

CVE-2021-47723 STVS ProVision Cross-Site Request Forgery (Add Admin)

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forged request, allowing them to create new admin users...

CVSS 6.9 | AI score 6.5 | EPSS 0.00023
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/09 12:0 a.m. | 2 views

PT-2025-50244

Name of the Vulnerable Software and Affected Versions: STVS ProVision version 5.9.10. Description: The software contains a cross-site request forgery issue. This allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. An attacker can create new...

CVSS 6.9 | AI score 6.6 | EPSS 0.00023
Exploits: 0 | References: 6
CNVD
added 2025/11/20 12:0 a.m. | 2 views

WordPress Coil Web Monetization plugin Cross-Site Request Forgery Vulnerability

The WordPress Coil Web Monetization plugin is a WordPress plugin that allows websites to monetize content through the WebMonetizationAPI, which allows users to pay content creators directly through a browser extension. The WordPress Coil Web Monetization plugin suffers from a cross-site request...

CVSS 4.3 | AI score 6.7 | EPSS 0.00013
Exploits: 0 | References: 1
CNNVD
added 2025/10/20 12:0 a.m. | 2 views

MOTEX Lanscope Endpoint Manager Security Vulnerability

MOTEX Lanscope Endpoint Manager is an enterprise endpoint security and asset management system from MOTEX Japan. A security vulnerability exists in MOTEX Lanscope Endpoint Manager On-Premises that stems from not properly validating the source of incoming requests, which could lead to the executio...

CVSS 9.8 | AI score 9.7 | EPSS 0.01956
Exploits: 0 | References: 2