18 matches found
EUVD-2020-30164
Malware in sbrugna...
CVE-2020-9345
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this...
CVE-2025-23411 mySCADA myPRO Manager Cross-Site Request Forgery
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim into visiting an attacker-controlled website...
CVE-2025-23411
CVE-2025-23411 affects the mySCADA myPRO Manager. The connected sources confirm a cross-site request forgery (CSRF) vulnerability that could allow an attacker to obtain sensitive information by tricking a user into visiting a malicious site. The vulnerability details across sources consistently descri...
CVE-2025-23411 mySCADA myPRO Manager Cross-Site Request Forgery
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim into visiting an attacker-controlled website...
Design/Logic Flaw
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the...
CVE-2022-1148
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the...
Open Redirect
flasksecurity is vulnerable to open redirect. The vulnerability exists in the functions getpostlogoutredirect and getpostloginredirect without a secure validation of URL with multiple back slashes such as \\\evil.com/path, which allows an attacker to redirect to an attacker-controlled website...
Mozilla Firefox permission and access control issue vulnerability (CNVD-2021-90106)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A permission and access control issue vulnerability exists in Mozilla Firefox, which stems from enabling password autofill on insecure websites on Firefox for Android without user interaction. An...
Products.PluggableAuthService 2.6.0 - Open Redirect Vulnerability
Exploit Title: Products.PluggableAuthService 2.6.0 - Open Redirect Exploit Author: Piyush Patil Affected Component: Pluggable Zope authentication/authorization framework Component Link: https://pypi.org/project/Products.PluggableAuthService/ Version: =2.6.1"...
Cross-site request forgery (CSRF)
A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the devic...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...
WordPress Easing Slider Plugin Cross-Site Request Forgery (CVE-2015-1436)
A cross-site request forgery (CSRF) vulnerability has been reported in WordPress Easing Slider Plugin. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker-controlled website...
WordPress Image Metadata Cruncher Plugin Cross Site Request Forgery (CVE-2015-1614)
A cross-site request forgery (CSRF) vulnerability has been reported in WordPress Image Metadata Cruncher Plugin. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker-controlled website...
Cisco Broadcast Access Center for Telco and Wireless Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of the Cisco Broadcast Access Center for Telco and Wireless (BAC-TW) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the Cisco BAC-TW web interface. The vulnerability is due to insufficient CSRF...
Horde Groupware Webmail Edition Ingo Filter Cross-Site Request Forgery (CVE-2013-6275)
A Cross-Site Request Forgery (CSRF) vulnerability has been reported in Horde Groupware Webmail Edition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker...
Cisco Unified Computing System Fabric Interconnect Cross-Site Request Forgery Vulnerability
A vulnerability in the fabric interconnect (FI) web management interface of the Cisco Unified Computing System could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability occurs because the web interface relies on cookies to authenticate...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a...