Lucene search
K

23 matches found

NVD
NVD
added yesterday4 views

CVE-2026-14846

In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the...

4.5CVSS0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-14846 Incorrect neutralisation in the PrestaShop firmware

In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the...

4.5CVSS0.0033EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 5:16 a.m.30 views

CVE-2026-9057

A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...

8.2CVSS0.00261EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 4:39 a.m.24 views

CVE-2026-9057

The vulnerability CVE-2026-9057 affects Talend Administration Center and is a broken access control issue that allows a user with View permission to modify the Talend Studio update URL. Reported impact is high (CVSS 3.1: 8.2, Confidentiality/Integrity High, Availability None) with network attack ...

8.2CVSS5.7AI score0.00261EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.17 views

PT-2026-42106

Name of the Vulnerable Software and Affected Versions Talend Administration Center affected versions not specified Description A broken access control issue exists that allows a user with "View" permission to modify the Talend Studio update URL. Recommendations Apply the available patch to resolv...

8.2CVSS5.8AI score0.00261EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.10 views

CVE-2026-40174

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

7.1CVSS5.7AI score0.00165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:40 p.m.5 views

CVE-2026-40174

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

7.1CVSS5.7AI score0.00165EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.13 views

Masa CMS 跨站请求伪造漏洞

Masa CMS is a digital experience platform operated by Masa CMS organization. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the cUsers.updateAddress function not properly verifying the anti-CSRF token, allowing attacke...

7.1CVSS5.7AI score0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38226

Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description The cUsers.updateAddress function fails to properly validate anti-CSRF Cross-Site Request Forger...

7.1CVSS5.8AI score0.00165EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/27 4:0 a.m.3 views

CVE-2026-7085

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

5CVSS4.9AI score0.00248EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/04/27 4:0 a.m.32 views

CVE-2026-7085 HBAI-Ltd Toonflow-app downloadApp Endpoint downloadApp.ts z.url path traversal

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

5CVSS0.00248EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/18 6:31 p.m.8 views

EUVD-2025-208833

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

5.8AI score0.00109EPSS
Exploits0References4
NVD
NVD
added 2026/03/18 4:16 p.m.4 views

CVE-2025-55045

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

7.1CVSS0.00109EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/18 12:0 a.m.3 views

CVE-2025-55045

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

5.8AI score0.00109EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/18 12:0 a.m.23 views

CVE-2025-55045

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

0.00109EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 12:0 a.m.4 views

CVE-2025-55045

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

5.8AI score0.00109EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.9 views

CVE-2026-27180

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr'mode'...

9.8CVSS6.8AI score0.01086EPSS
Exploits4References1
OSV
OSV
added 2025/12/29 3:16 p.m.6 views

CVE-2025-15192

A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fotaurl leads to command injection. The attack can be executed remotely. The exploit has been...

8.8CVSS5.6AI score0.03443EPSS
Exploits1References6
CVE
CVE
added 2025/12/04 10:32 p.m.14 views

CVE-2025-14051

CVE-2025-14051 affects youlaitech youlai-mall versions 1.0.0 through 2.0.0. The vulnerability resides in the functions getById(), updateAddress(), and deleteAddress() in the file /mall-ums/app-api/v1/addresses/. Exploitation can be performed remotely, and public exploits have been published. Reme...

8.8CVSS6.3AI score0.00415EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2025/12/04 10:32 p.m.5 views

CVE-2025-14051 youlaitech youlai-mall addresses deleteAddress improper control of dynamically-identified variables

A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The...

5.3CVSS6.2AI score0.00415EPSS
Exploits1References9
Rows per page
Query Builder