Lucene search
K

654 matches found

Snyk
Snyk
added 2026/04/04 9:30 p.m.6 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the admin/usermanipulate and admin/settings/generall endpoints. An attacker can perform unauthorized administrative actions by tricking an authenticated administrator into submitting crafted...

7.4CVSS5.7AI score0.00106EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.8 views

PT-2026-30379

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user manipulate and admin/settings/generall endpoints to...

5.3CVSS5.9AI score0.00106EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.3 views

PT-2026-31980

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description The software contains a privilege escalation issue in gateway-authenticated plugin HTTP routes. The issue incorrectly assigns operator.admin runtime scope, bypassing caller-granted scopes. This...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-32839

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

6.5CVSS5.7AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 5:16 a.m.4 views

CVE-2026-4639

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges...

8.8CVSS0.00299EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/24 4:17 a.m.2 views

CVE-2026-4639 Galaxy Software Services|Vitals ESP - Incorrect Authorization

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges...

8.8CVSS5.8AI score0.00299EPSS
Exploits0References2
CVE
CVE
added 2026/03/24 4:17 a.m.13 views

CVE-2026-4639

CVE-2026-4639 affects Vitals ESP by Galaxy Software Services. The vulnerability is described as Incorrect Authorization, enabling authenticated remote attackers to perform administrative functions and escalate privileges. The NVD/NVD-derived entries provide CVSS 4.0/3.1 values with HIGH severity ...

8.8CVSS5.8AI score0.00299EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 2:48 p.m.5 views

CVE-2026-22172

OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authenticated connections to self-declare elevated scopes without server-side binding. Attackers can exploit this logic flaw to present unauthorize...

9.9CVSS5.8AI score0.00505EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/18 12:30 a.m.5 views

EUVD-2026-12649

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

5.1CVSS5.8AI score0.00208EPSS
Exploits0References4
NVD
NVD
added 2026/03/17 10:16 p.m.4 views

CVE-2026-32839

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

6.5CVSS0.00208EPSS
Exploits0References3
CVE
CVE
added 2026/03/17 9:42 p.m.15 views

CVE-2026-32839

Edimax GS-5008PL firmware 1.00.54 and earlier is impacted by a cross-site request forgery (CSRF) vulnerability. The issue stems from lack of anti-CSRF tokens and insufficient request validation, enabling remote attackers to coerce logged-in administrators into performing actions via malicious pag...

6.5CVSS5.8AI score0.00208EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 9:42 p.m.3 views

CVE-2026-32839 Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

5.1CVSS5.8AI score0.00208EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/17 9:42 p.m.24 views

CVE-2026-32839 Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

5.1CVSS0.00208EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/17 9:42 p.m.3 views

CVE-2026-32839

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

5.1CVSS5.8AI score0.00208EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.6 views

Edimax GS-5008PL 跨站请求伪造漏洞

The Edimax GS-5008PL is a Gigabit Ethernet switch produced by Edimax of Taiwan, China. Versions of the Edimax GS-5008PL prior to 1.00.54 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the lack of anti-CSRF tokens and request validation, which could allow...

6.5CVSS5.8AI score0.00208EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2015-9407

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web pages that execute unauthorized actions when...

6.9CVSS5.7AI score0.00182EPSS
Exploits1References4
NVD
NVD
added 2026/03/16 2:17 p.m.6 views

CVE-2015-20113

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web pages that execute unauthorized actions when...

6.9CVSS0.00182EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Wowza Media Systems Wowza Streaming Engine 跨站请求伪造漏洞

Wowza Media Systems Wowza Streaming Engine is a powerful, customizable, and scalable media server software developed by Wowza Media Systems. It enables reliable streaming of high-quality video and audio to any device. Version 4.5.0 of Wowza Streaming Engine contains a cross-site request forgeing...

6.9CVSS5.8AI score0.00156EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

ZKTeco ZKBioSecurity 跨站请求伪造漏洞

ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco Corporation in China. Version 3.0 of ZKTeco ZKBioSecurity contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to trick users into accessing...

5.3CVSS5.7AI score0.00207EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/03/15 6:34 p.m.22 views

CVE-2015-20113 RealtyScript 4.0.2 Multiple Cross-Site Request Forgery and Persistent Cross-Site Scripting Vulnerabilities

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web pages that execute unauthorized actions when...

6.9CVSS0.00182EPSS
Exploits1References3
Rows per page
Query Builder