WordPress plugin Tm – WordPress Redirection Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin WP Google Maps Integration Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2022-55974
WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...
OpenClaw Authorization Bypass Vulnerability (CNVD-2026-14841)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability in the WebSocket connection path. An attacker can exploit the vulnerability to perform administrator-only...
OpenClaw Security Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability in the WebSocket connection path. An attacker can exploit the vulnerability to perform administrator-only...
CVE-2026-2513
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...
EUVD-2024-55463
An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts...
CVE-2026-24050
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...
CVE-2025-68722
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...
CVE-2026-1103 AIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions
The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...
CVE-2020-10229
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts...
CVE-2020-36918 iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management
iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the...
EUVD-2025-203894
CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console...
EUVD-2025-201942
Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileged users to carry out administrative functions and manipulate data of other users via unauthorized API calls...
CVE-2025-9265
Kiloview NDI N30 contains a broken authorization vulnerability that could let a remote unauthenticated attacker deactivate user verification and perform administrator actions. Affected products: Kiloview NDI N30; vulnerable component: authorization mechanism; root cause: bypass of user verificati...
CVE-2025-11166
WP Go Maps (formerly WP Google Maps) for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) across all versions up to 9.0.46. The root cause is an AJAX bridge that exposes state-changing REST actions without proper CSRF token validation and GET-accessible destructive logic lacking a per...
EUVD-2005-0916
Malware in sbrugna...
EUVD-2021-12756
Malware in sbrugna...
EUVD-2007-5193
Malware in sbrugna...
EUVD-2008-0240
Malware in sbrugna...