19 matches found
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the authentication process. An attacker can modify a user's authentication method by tricking the user into visiting a malicious page. Remediation: Upgrade...
EUVD-2017-17505
Malware in sbrugna...
EUVD-2020-8212
Malware in sbrugna...
EUVD-2018-19673
Malware in sbrugna...
CVE-2025-59950
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection confirmation dialog, it is possible to trick the admin into clicking the Promote button in another user's management page after the admin double clicks on a button...
CVE-2025-55031
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects...
Complaint Management System Cross-Site Request Forgery Vulnerability
Complaint Management System is a complaint management system. The Complaint Management System suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could use this...
CVE-2025-48991
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...
firefox: thunderbird: Potential local code execution in “Copy as cURL” command
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, leading to local code execution on the user's system...
Improper Input Validation
pdm is vulnerable to Improper Input Validation. The vulnerability exists in the readlockfile function at repositories.py due to a lack of input validation, which allows an attacker to trick a user into installing a malicious open source PyPI package...
CVE-2023-4047
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...
Code injection
Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox 115...
Information disclosure
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...
Autodesk Maya Security Vulnerability
Autodesk Maya is a three-dimensional computer graphics software from the American company Autodesk. It is widely used to create digital special effects for movies, television, commercials, computer games and video games. A security vulnerability exists in Autodesk Maya USD. An attacker exploits t...
SUSE CVE-2009-1107
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing...
SUSE CVE-2009-3076
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module...
Design/Logic Flaw
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger...
Design/Logic Flaw
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...
Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypas...