11 matches found
CVE-2025-70146
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g., adding records, deleting records) via direct HTTP requests to affected endpoints without a...
EUVD-2020-28163
Malware in sbrugna...
EUVD-2012-1641
Malware in sbrugna...
Trump Revenge Tour Targets Cyber Leaders, Elections
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances...
How Each Pillar of the 1st Amendment is Under Attack
"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." -U.S. Constitution,...
Trump 2.0 Brings Cuts to Cyber, Consumer Protections
One month into his second term, President Trump's actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort ...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...
CVE-2023-35938 User access not updated with privilege change in Tuleap
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to Private without restricted, restricted users that are project administrators keep this access right. Restricted users tha...
CVE-2020-7029
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged...
Cross site request forgery (csrf)
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged...
CVE-2006-6849
administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions...