15 matches found

Snyk
added 2026/05/10 2:19 p.m. · 8 views

Cross-site Request Forgery (CSRF)

Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the /account/edit endpoint. An attacker can alter account details, such as email addresses, by tricking users into visiting malicious pages, and subsequentl...

CVSS 8.3 · AI score 5.8 · EPSS 0.00151
Exploits 0 · References 2
Cvelist
added 2026/04/29 4:51 p.m. · 32 views

CVE-2026-6915 Flaw in the updateUser Command May Allow Unauthorized Configuration Change

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...

CVSS 6.3 · EPSS 0.00167
Exploits 0 · References 1
OSV
added 2026/01/15 8:11 p.m. · 3 views

GHSA-54V4-4685-VWRJ alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass

Summary: application/core/EASecurity.php::csrfverify only enforces CSRF protection for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET or $REQUEST, so an attacker can perform CSRF by forcing a victim's...

CVSS 8.7 · AI score 7.1 · EPSS 0.00203
Exploits 1 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2020-5787

Malware in sbrugna...

CVSS 9.3 · AI score 8.8 · EPSS 0.00525
Exploits 1 · References 2
Cvelist
added 2025/05/12 4:09 p.m. · 17 views

CVE-2025-46740 Improper Handling of Insufficient Permissions

An authenticated user without user administrative permissions could change the administrator Account Name...

CVSS 7.5 · EPSS 0.00269
Exploits 0 · References 1
Vulnrichment
added 2022/09/07 7:45 p.m. · 9 views

CVE-2022-36073 RubyGems allows creation of users with arbitrary unverified emails

RubyGems.org is the Ruby community gem host. A bug in password & email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that...

CVSS 8.3 · AI score 8.8 · EPSS 0.00814
Exploits 0 · References 2
ATTACKERKB
added 2022/06/09 7:15 p.m. · 4 views

CVE-2022-30898

A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password...

CVSS 6.5 · AI score 6.7 · EPSS 0.00544
Exploits 1 · References 2
WPVulnDB
added 2021/01/28 12:00 a.m. · 13 views

uListing < 1.7 - Unauthenticated Arbitrary Account Change

The AJAX action stmlistingprofileedit, accessible to both authenticated and unauthenticated users, did not perform capability and CSRF checks, and did not ensure that the edited account belonged to the user making the request. This allows unauthenticated users to update arbitrary accounts, such as...

AI score 5
Exploits 0 · References 1 · Affected Software 1
NVD
added 2021/01/05 4:15 p.m. · 25 views

CVE-2020-13540

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the...

CVSS 9.3 · AI score 8.2 · EPSS 0.00525
Exploits 1 · References 1
OSV
added 2021/01/05 4:15 p.m. · 3 views

CVE-2020-13540

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the...

CVSS 7.8 · AI score 7.3 · EPSS 0.00525
Exploits 1 · References 1
Cvelist
added 2021/01/05 3:43 p.m. · 41 views

CVE-2020-13540

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the...

CVSS 9.3 · AI score 7.8 · EPSS 0.00525
Exploits 1 · References 1
Positive Technologies
added 2021/01/05 12:00 a.m. · 5 views

PT-2021-9622 · Unknown · Win-911 Enterprise

Name of the Vulnerable Software and Affected Versions: Win-911 Enterprise version 4.20.13
Description: A local privilege elevation issue exists due to file system permissions in the install directory, specifically via the WIN-911 Account Change Utility. This allows an attacker to overwrite...

CVSS 9.3 · AI score 8.4 · EPSS 0.00525
Exploits 1 · References 4
OSV
added 2019/03/07 11:29 p.m. · 4 views

CVE-2019-9598

An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds...

CVSS 6.5 · AI score 5.8 · EPSS 0.00506
Exploits 1 · References 1
OSV
added 2018/10/01 11:29 p.m. · 3 views

CVE-2018-17870

An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of accountchange.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 1
exploitpack
added 2016/12/09 12:00 a.m. · 15 views

D-Link DI-524 - Cross-Site Request Forgery

Title: D-Link DI-524 - Cross-Site-Request-Forgery Vulnerability
Credit: Felipe Soares de Souza
Date: 09/12/2016
Vendor: D-Link
Product: D-Link DI-524 Wireless 150
Product link: https://dlink.com.br/produto/di-524150
Version: Firmware 9.01
1- Reboot the...

AI score 1.1
Exploits 0