62 matches found
Cross-site Request Forgery (CSRF)
Overview: org.jenkins-ci.plugins:github-pullrequest is a GitHub Integration Plugin for Jenkins. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to not requiring POST requests for an HTTP endpoint. This vulnerability allows attackers to trigger a build for a...
Astra Linux - vulnerability in atftp
In tftpd_file.c in atftp up to 0.7.4, there is a buffer overflow issue due to improper handling of buffer-size parameters, which does not correctly account for combinations of data, OACK, and other options...
EUVD-2026-31042
The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...
WordPress plugin Logo Manager For Enamad cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPress...
CVE-2021-47832
CVE-2021-47832 entry is rejected/not used (duplicate) by the CVE Numbering Authority.
CVE-2021-47832
...
EUVD-2020-0287
Malware in sbrugna...
EUVD-2025-27403
Malicious code in bioql PyPI...
EUVD-2024-51921
Malicious code in bioql PyPI...
CVE-2025-58991
Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4...
WordPress WooCommerce Booking Bundle Hours Plugin <= 0.7.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WooCommerce Booking Bundle Hours (versions <= 0.7.4)...
CVE-2025-58991
The CVE-2025-58991 entry documents a CSRF vulnerability in the WooCommerce Booking Bundle Hours WordPress plugin that can lead to Stored XSS. Affected software: WooCommerce Booking Bundle Hours (versions up to 0.7.4). Root cause: cross-site request forgery enabling stored XSS payloads. Impact is ...
WordPress plugin WooCommerce Booking Bundle Hours cross-site request forgery vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the...
Linux Distros Unpatched Vulnerability : CVE-2019-9946
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI...
WordPress plugin kStats Reloaded cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
CVE-2012-3881
Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php...
CVE-2025-1786
A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msf_stream_directory_free in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The...
Rizin security vulnerability
Rizin is a free open source reverse engineering framework from the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensic tool, as a scriptable command-line hex editor capable of opening disk files, and more. A security vulnerability exist...
CVE-2020-5241
matestack-ui-core RubyGem before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4...
CVE-2024-53256 Rizin has a command injection via RzBinInfo bclass due legacy code
Rizin is a UNIX-like reverse engineering framework and command-line toolset. rizin.c still had an old snippet of code which suffered a command injection due to the usage of rz_core_cmdf to invoke the command m which was removed in v0.1.x. A malicious binary defining bclass part of RzBinInfo is execute...