10 matches found

Cvelist
added 2026/03/04 4:31 p.m. · 31 views

CVE-2026-28781 Craft Affected by Entries Authorship Spoofing via Mass Assignment

Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

7.1 CVSS · 0.0005 EPSS
Exploits 1 · References 3
CVE
added 2025/12/16 5:6 p.m. · 7 views

CVE-2023-53900

SPIP 4.1.10 is affected by a file-upload vulnerability where SVG files containing embedded external links can be uploaded and used to redirect users via a crafted SVG logo. Root cause is improper file-upload filtering. Consequences described across sources include social-engineering-like admin in...

8.8 CVSS · 6.5 AI score · 0.00022 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2025/12/16 5:6 p.m. · 25 views

CVE-2023-53900 Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

8.8 CVSS · 0.00022 EPSS
Exploits 1 · References 3
Vulnrichment
added 2025/12/16 5:6 p.m. · 1 views

CVE-2023-53900 Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

8.8 CVSS · 6.5 AI score · 0.00022 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/11/13 12:0 a.m. · 1 views

PT-2024-16088 · WordPress · Wp Project Manager

Name of the Vulnerable Software and Affected Versions: The WP Project Manager versions up to, and including, 2.6.13
Description: The issue is related to Insecure Direct Object Reference, which affects the plugin due to missing validation on the user id user-controlled key in the Abstract Permissi...

7.3 CVSS · 9.4 AI score · 0.00309 EPSS
Exploits 0 · References 11
OSV
added 2022/03/16 12:15 a.m. · 0 views

CVE-2020-36519

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...

4.9 CVSS · 5.8 AI score · 0.00232 EPSS
Exploits 1 · References 1
NVD
added 2022/03/16 12:15 a.m. · 6 views

CVE-2020-36519

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...

4.9 CVSS · 0.00232 EPSS
Exploits 1 · References 1
Cvelist
added 2022/03/15 11:45 p.m. · 10 views

CVE-2020-36519

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...

5 AI score · 0.00232 EPSS
Exploits 1 · References 1
CNVD
added 2021/02/16 12:0 a.m. · 5 views

Waychar enrollment system has a flawed logic vulnerability

Waychar Registration System is an online registration system developed for sporting events and other general purpose activities. A logic flaw vulnerability exists in the Waychar registration system. An attacker can exploit this vulnerability to spoof an administrator login by modifying the value ...

6.9 AI score
Exploits 0
CNVD
added 2016/04/22 12:0 a.m. · 1 views

pfSense Firewall Cross-Site Request Forgery Vulnerability (CNVD-2016-02624)

pfSense is a free, open-source customized version of FreeBSD designed for use as a firewall and router. A cross-site request forgery vulnerability exists in pfSense. Due to insufficient script validation of HTTP requests, a remote attacker can spoof a logged-in administrator to access malicious w...

7.1 AI score
Exploits 0 · References 1