CVE-2023-43149
SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery CSRF that allows a remote attacker to add an admin user with role status...
EUVD-2020-21748
Malware in sbrugna...
EUVD-2018-2593
Malware in sbrugna...
EUVD-2021-11244
Malware in sbrugna...
EUVD-2018-2587
Malware in sbrugna...
EUVD-2019-7717
Malware in sbrugna...
EUVD-2024-16432
Malicious code in bioql PyPI...
EUVD-2022-37407
Malicious code in bioql PyPI...
CVE-2025-52880
Komga (media server for comics/manga/eBooks) has a documented XSS vulnerability in EPUB handling affecting versions 1.8.0–1.21.3. The flaw lets an attacker perform actions on the victim via crafted EPUBs, and when an admin user is targeted, it can combine with server-side commands to achieve arbi...
CVE-2024-6723
The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions...
CVE-2023-6222
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks...
CVE-2020-19883
DBHcms v1.2.0 has a stored XSS vulnerability, as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for userlogin. A remote attacker authenticated as an admin user can exploit this vulnerability to hijack other users...
CVE-2018-11632
An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings via...
CVE-2024-0640
CVE-2024-0640 (Chatwoot) describes a stored XSS vulnerability in chatwoot/chatwoot versions 3.0.0 to 3.5.1. An admin can inject malicious JavaScript through the dashboard app settings, which can then be executed by another admin when they access the affected dashboard. The issue has been fixed in...
CVE-2023-5108
The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
PT-2023-21506 · Dell · Dell Bios
Name of the Vulnerable Software and Affected Versions: Dell BIOS (affected versions not specified). Description: The issue is related to an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability to modify...
CVE-2023-28340
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack...
CVE-2017-9674
In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?returnurl=XSS exploitable as a regular or admin user...
OneCMS 2.6 Cross Site Request Forgery
Topic : OneCMSv2.6 2010-03-25 Bug type : remote add admin user exploit Download : http://sourceforge.net/projects/onecms/files/onecms/v2.6/OneCMSv2.6.zip/download =========================================================================== Author : ItSecTeam Email : [email protected] Website:...
Croogo 1.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
----------------------------------------------------------------------------------------------- Title: Croogo 1.2.1 Multiple CSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmaildotcom Date: 07. February 2010...