49 matches found
MOTEX Lanscope Endpoint Manager 安全漏洞
MOTEX Lanscope Endpoint Manager is an enterprise endpoint security and asset management system from MOTEX Japan. A security vulnerability exists in MOTEX Lanscope Endpoint Manager On-Premises that stems from not properly validating the source of incoming requests, which could lead to the executio...
CVE-2025-53483
The CVE-2025-53483 issue affects the MediaWiki SecurePoll extension and is triggered by pages ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage::executeClear() not validating request methods or CSRF tokens. The vulnerability enables CSRF to trigger sensitive admin actions when an admin...
Vulnerabilities fixed in IBM InfoSphere Information Server
IBM has fixed vulnerabilities in IBM InfoSphere Information Server Versions 11.7.0.0 to 11.7.1.6. The first vulnerability involves a Denial-of-Service vulnerability that stems from insufficient validation of incoming request sources. This can be exploited to disrupt service availability. The seco...
Zoom Workplace Apps Out-of-Bounds Write Vulnerability
Zoom Workplace Apps is an app for multiple platforms including Linux, macOS, Windows, iOS and Android. Zoom Workplace Apps suffers from an out-of-bounds write vulnerability that stems from the application failing to properly validate boundaries when processing a specific request. An attacker coul...
Altair 资源管理错误漏洞
Altair is a beautiful and feature-rich GraphQL client IDE from the Altair GraphQL open source. A resource management error vulnerability exists in versions prior to Altair v12.24Q3.2, which stems from a lack of request validation and a lack of authentication in the image proxy, and the...
CVE-2024-34084 Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests
Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...
CVE-2023-1124
The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks...
PT-2023-16772 · WordPress · Shopping Cart & Ecommerce Store
Name of the Vulnerable Software and Affected Versions: The Shopping Cart & eCommerce Store WordPress plugin versions prior to 5.4.3 Description: The issue allows authenticated users with admin privileges to perform Local File Inclusion LFI attacks due to a lack of validation of HTTP requests. LFI...
WordPress plugin Member Hero 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
CVE-2021-42786
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent DSA has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected...
CVE-2021-41554
ARCHIBUS Web Central 21.3.3.815 a version from 2014 does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw,...
Drupal 跨站脚本漏洞
Drupal is an open source content management system developed in PHP by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Entity Embed module, which originates from a WEB application that does not adequately validate that a request is coming from a trusted user. An...
WordPress titan-framework 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress titan-framework, which stems from a WEB...
WordPress plugin AddToAny Share Buttons 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress plug...
express-cart 跨站请求伪造漏洞
express-cart is a shopping cart module used in Node.js. A cross-site request forgery vulnerability exists in express-cart in Node.js, which stems from a WEB application that does not adequately validate that a request is coming from a trusted user. An attacker could use this vulnerability to send...
CVE-2021-1294
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP...
Microsoft Dynamics 365 Cross-Site Scripting Vulnerability (CNVD-2020-52904)
Microsoft Dynamics 365 is Microsoft's next-generation intelligent business application that helps enterprises grow and digitally transform through the perfect integration of CRM and ERP. A cross-site scripting vulnerability exists in Microsoft Dynamics 365 Local Edition 8.2, 9.0. The vulnerabilit...
RICOH SP C250DN Cross-Site Request Forgery Vulnerability
The RICOH SP C250DN is a printer from the Japanese company Ricoh RICOH. A cross-site request forgery vulnerability exists in RICOH SP C250DN version 1.06. The vulnerability stems from a WEB application that does not adequately validate that a request is coming from a trusted user. An attacker cou...
phpBB cross-site request forgery vulnerability (CNVD-2019-34464)
phpBB is a set of open source and PHP-based Web forum software . The software has support for multiple languages , multiple databases and customized layout and so on. A cross-site request forgery vulnerability exists in phpBB, which arises from a WEB application that does not adequately validate...
Mozilla Firefox and Firefox ESR Cross-Site Request Forgery Vulnerability
Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A cross-site request forgery vulnerability exists in Mozilla Firefox versions...