
21 matches found

CNNVD
added 2026/05/22 12:0 a.m., 4 views

Typebot Security Vulnerability

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the preview chat endpoint, which allowed unverified users to forge server-side requests by providing custom bot...

CVSS 10, AI score 5.8, EPSS 0.00067
Exploits: 1, References: 2

CNNVD
added 2026/05/13 12:0 a.m., 5 views

Arqit Symmetric Key Agreement Platform Security Vulnerability

The Arqit Symmetric Key Agreement Platform is a quantum-safe key negotiation platform developed by Arqit Corporation. Versions prior to 26.03 of the Arqit Symmetric Key Agreement Platform contained security vulnerabilities. These vulnerabilities stemmed from exposing the QKEY and internal system...

CVSS 8.7, AI score 5.8, EPSS 0.00041
Exploits: 0, References: 1

Vulnrichment
added 2026/05/12 5:29 p.m., 4 views

CVE-2026-42303 Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection

Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was...

CVSS 6.1, AI score 5.8, EPSS 0.00064
Exploits: 0, References: 6

CNNVD
added 2026/03/20 12:0 a.m., 2 views

WordPress plugin RockPress Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3, AI score 5.8, EPSS 0.00022
Exploits: 0, References: 16

Snyk
added 2026/01/13 11:52 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the email attachments due to the missing verification for API requests to localhost. An attacker can execute arbitrary scripts in the context of the user's browser by sending specially crafted emails...

CVSS 7.2, AI score 5.4, EPSS 0.00055
Exploits: 0, References: 2

Vulnrichment
added 2026/01/09 4:17 p.m., 3 views

CVE-2026-22194 GestSup <= 3.2.60 CSRF Allows Privileged Actions

GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce a logged-in user to submit crafted requests that perform actions with the victim's privileges. This...

CVSS 8.9, AI score 5.7, EPSS 0.00007
Exploits: 0, References: 2

CNNVD
added 2025/12/09 12:0 a.m., 2 views

WordPress plugin Business Directory Security Vulnerability

WordPress Business Directory Plugin is a plugin for creating and managing business directories such as business yellow pages, real estate listings, or classified ads on your WordPress website. WordPress Business Directory Plugin suffers from a cross-site request forgery vulnerability that stems...

CVSS 4.3, AI score 6.8, EPSS 0.00015
Exploits: 0, References: 1

CNVD
added 2025/07/25 12:0 a.m., 2 views

E-Commerce Site Cross-Site Request Forgery Vulnerability

E-Commerce Site is an e-commerce site. E-Commerce Site suffers from a cross-site request forgery vulnerability that stems from the web application not adequately verifying that a request is coming from a trusted user. No details of the vulnerability are available at this time...

CVSS 5.3, AI score 4.9, EPSS 0.00164
Exploits: 1, References: 1

CNNVD
added 2025/07/16 12:0 a.m., 2 views

WordPress plugin WP Post Hide Cross-Site Request Forgery Vulnerability

WordPress WP Post Hide is a plugin for controlling the visibility of WordPress posts, hiding the display of specific posts in different locations such as the home page, category pages, and search results pages. WordPress WP Post Hide suffers from a cross-site request forgery vulnerability, which...

CVSS 4.3, AI score 6.7, EPSS 0.00084
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 1:59 a.m., 6 views

CVE-2023-3011

The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the armcheckusercap function. This makes it possible for unauthenticated attackers to perform multiple unauthorized action...

CVSS 8.8, AI score 6.4, EPSS 0.00148
Exploits: 0, References: 1

CNVD
added 2024/08/23 12:0 a.m., 5 views

Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37623)

Kliqqi CMS (Pligg CMS) is an open-source content management system from Kliqqi. Kliqqi CMS v2.0.2 has a cross-site request forgery vulnerability, which stems from /admin/domainmanagement.php?whitelistadd not adequately verifying that the request comes from a trusted user, an...

CVSS 8.8, AI score 6.7, EPSS 0.00242
Exploits: 1, References: 1

BDU FSTEC
added 2023/09/04 12:0 a.m., 1 view

Vulnerability of the software interface of the XWiki platform for creating collaborative web applications. The XWiki platform allows a perpetrator to execute arbitrary code.

The vulnerability of the software interface of the XWiki Platform for creating collaborative web applications is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability may allow a malicious actor, operating remotely, to execute arbitrary code...

CVSS 10, EPSS 0.02998
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2023/01/20 12:0 a.m., 7 views

CVE-2020-23256

An issue discovered in Electerm 1.3.22 allows attackers to execute arbitrary code via an unverified request to the electerms service...

AI score 9.9, EPSS 0.00661
Exploits: 1, References: 1

BDU FSTEC
added 2022/03/23 12:0 a.m., 0 views

The vulnerability of the Magento Commerce software platform for developing and managing online stores stems from insufficiently verified incoming requests. This allows a hacker to execute arbitrary code with administrator privileges.

The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to insufficient verification of incoming requests. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with administrator privileges...

CVSS 8.5, EPSS 0.0261
Exploits: 0, References: 3, Affected Software: 2

CNNVD
added 2022/02/07 12:0 a.m., 2 views

WordPress Plugin SupportCandy Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...

CVSS 8.8, AI score 7.7, EPSS 0.00202
Exploits: 2, References: 2

OSV
added 2022/01/10 2:10 p.m., 2 views

CVE-2021-34086

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests...

CVSS 8.8, AI score 7.3
Exploits: 0, References: 4

CNNVD
added 2021/10/06 12:0 a.m., 1 view

MyuCms Code Issue Vulnerability

MyuCms is a content management system based on ThinkPhp, developed specifically for enterprises. MyuCms v2.2.1 has a cross-site request forgery vulnerability, which stems from a sql method in the product controllerindex.php file that does not correctly determine that the request originates from...

CVSS 9.1, AI score 8, EPSS 0.00267
Exploits: 1, References: 2

CNNVD
added 2021/09/13 12:0 a.m., 3 views

WordPress Plugin Code Issue Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in WordPress Simple Ecommerce Shopping Cart, which stems from the...

CVSS 8.8, AI score 8, EPSS 0.00202
Exploits: 2, References: 2

CNVD
added 2020/06/28 12:0 a.m., 3 views

BlogCMS Cross-Site Request Forgery Vulnerability

BlogCMS is a PHP and MySQL based blogging system by Pramod Mahato Software Developers in India. A cross-site request forgery vulnerability exists in the admin/changepass.php file in BlogCMS 2019-12-31 and earlier versions. The vulnerability stems from the web application not adequately verifying...

CVSS 8.8, AI score 6.7, EPSS 0.00141
Exploits: 1, References: 1

CNVD
added 2020/02/11 12:0 a.m., 4 views

WordPress Tutor LMS Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Software Foundation's blogging platform, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress Tutor LMS. The vulnerability stems from the web applicatio...

CVSS 6.5, AI score 6.8, EPSS 0.0867
Exploits: 6, References: 1