Lucene search
K

14 matches found

CVE
CVE
added 2026/06/17 1:41 p.m.39 views

CVE-2026-9591

CVE-2026-9591 documents a CSRF vulnerability in the SimplCommerce News module. The issue is in the NewsItemApiController and allows an unauthenticated remote attacker to create or modify news items as an administrator by submitting a crafted form to /api/news-items, due to missing anti-CSRF prote...

6.9CVSS5.4AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-7415

Malware in sbrugna...

8.8CVSS8.8AI score0.00579EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-28618

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00371EPSS
Exploits0References1
NVD
NVD
added 2023/09/20 4:15 p.m.21 views

CVE-2023-2508

The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...

6.5CVSS5.5AI score0.00228EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.8 views

PT-2022-16190 · Aruba · Arubaos-Cx Switches

Name of the Vulnerable Software and Affected Versions: ArubaOS-CX Switches versions 10.06.0200 and below ArubaOS-CX Switches versions 10.08.1060 and below ArubaOS-CX Switches versions 10.09.1020 and below ArubaOS-CX Switches versions 10.10.0002 and below Description: The issue is related to the...

8.8CVSS8.7AI score0.00371EPSS
Exploits0References3
Veracode
Veracode
added 2021/12/02 5:29 a.m.14 views

Cross-site Request Forgery (CSRF)

showdoc/showdoc is vulnerable to cross-site request forgery. The library does not verify the authenticity of requests due to a lack of anti-CSRF protection, allowing an attacker to create a new group for any item if users visit the attacker site...

8.8CVSS5.5AI score0.00596EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2020/02/06 3:15 a.m.30 views

CVE-2020-8658

The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...

8.8CVSS8.7AI score0.09918EPSS
Exploits2References3
Prion
Prion
added 2020/02/06 3:15 a.m.20 views

Cross site request forgery (csrf)

The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...

6.8CVSS8.6AI score0.09918EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2020/02/06 2:19 a.m.36 views

CVE-2020-8658

The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...

8.7AI score0.09918EPSS
Exploits2References3
Prion
Prion
added 2018/10/15 7:29 p.m.20 views

Cross site request forgery (csrf)

Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc...

6.8CVSS8.6AI score0.00579EPSS
Exploits2References1
Cvelist
Cvelist
added 2018/10/15 7:0 p.m.26 views

CVE-2018-15539

Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc...

8.7AI score0.00579EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2018/10/12 12:0 a.m.52 views

Cockpit CMS CSRF / XSS / Path Traversal

1 Path Traversal CVE-2018-15540 It is possible to read/write/delete files or list directories by using "../" to traverse to other folders via requests to /cockpit/media/api Example of a vulnerable request: POST /cockpit/media/api HTTP/1.1 Host: 192.168.5.129 User-Agent: Mozilla/5.0 Windows NT 10....

7.4AI score0.02259EPSS
Exploits3
0day.today
0day.today
added 2018/02/17 12:0 a.m.38 views

Front Accounting ERP 2.4.3 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications input type="submit" va...

8.7AI score0.02392EPSS
Exploits5
0day.today
0day.today
added 2015/07/17 12:0 a.m.51 views

4 TOTOLINK Router Models - CSRF and XSS Vulnerabilities

4 TOTOLINK router models suffer from cross site request forgery and cross site scripting vulnerabilities. Advisory Information Title: 4 TOTOLINK router models vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x01.txt Blog URL:...

6.9AI score
Exploits0
Rows per page
Query Builder