36 matches found
[SECURITY] Fedora 44 Update: kf6-purpose-6.25.0-1.fc44
Purpose offers the possibility to create integrated services and actions on any application without having to implement them specifically. Purpose will offer them mechanisms to list the different alternatives to execute given the requested action type and will facilitate components so that all the...
CVE-2025-66581
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the affected endpoints...
EUVD-2020-26929
Malware in sbrugna...
EUVD-2020-26947
Malware in sbrugna...
EUVD-2020-26943
Malware in sbrugna...
EUVD-2017-10187
Malware in sbrugna...
CVE-2020-5770
Cross-site request forgery in Teltonika firmware TRB2R00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
CVE-2020-5786
Cross-site request forgery in Teltonika firmware TRB2R00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
CVE-2020-5790
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
CVE-2020-5745
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
CVE-2022-3255
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify...
CVE-2021-1544
A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the...
Cisco Webex Meetings Client Software Logging Information Disclosure Vulnerability
A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the...
CVE-2021-20096
Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
Cross-site request forgery (CSRF)
Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
ManageEngine AssetExplorer < 6.8 Unauthenticated Stored XSS
A stored cross-site scripting (XSS) vulnerability exists in the XML processing logic of asset discovery. By sending a crafted HTTP POST request to /discoveryServlet/WsDiscoveryServlet, a remote, unauthenticated attacker can create an asset containing malicious JavaScript. When an administrator view...
Design/Logic Flaw
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
CVE-2020-5790
CVE-2020-5790 is a CSRF in Nagios XI 5.7.3 that allows an attacker to induce a logged-in user to perform sensitive actions by clicking a crafted link. Affected product: Nagios XI; root cause: cross-site request forgery. Impact: sensitive application operations potentially executed by an authentic...
CVE-2020-5790
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...
CVE-2020-5786
Cross-site request forgery in Teltonika firmware TRB2R00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link...