CVE-2026-8604

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage...

CVE-2026-8604

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage...

CVE-2026-8604 Cross-Site request forgery (CSRF) in ScadaBR

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage...

CVE-2026-8604 Cross-Site request forgery (CSRF) in ScadaBR

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage...

CVE-2026-8604

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage...

PT-2026-41990

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage...

Sensorweb ScadaBR 跨站请求伪造漏洞

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains a vulnerability related to cross-site request forgeing. This vulnerability arises when attackers...

EUVD-2026-30173

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...

quark-auto-save 跨站脚本漏洞

Quark-auto-save is a personal development tool by Cp0204, designed for automatic transfer of data to a Quark Network drive and management of sign-ins. Versions of quark-auto-save prior to 0.8.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the v-html...

CVE-2026-44246

nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowednonwriteusers: $...

CVE-2026-40883

Summary of CVE-2026-40883 (goshs) : A cross-site request forgery in goshs’ state-changing HTTP GET routes allows an attacker to trigger destructive actions (e.g., deleting files, creating directories) on an authenticated victim’s browser because authentication relies only on HTTP basic auth and n...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the asset delivery process. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a crafted HTML or SVG file as an asset, which is then rendered by a victim's...

Open eClass 跨站请求伪造漏洞

Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from cross-site request forgery occurring at multiple teacher-restricted endpoints,...

PT-2026-3540

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

CVE-2025-67646

TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...

CVE-2025-67646 TableProgressTracking's missing CSRF protection allows unauthorized state changes

TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...

EUVD-2018-11828

Malware in sbrugna...

EUVD-2022-30008

Malicious code in bioql PyPI...

GHSA-R6WX-627V-GH2F Directus has an HTML Injection in Comment

Summary The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. Details The Comment feature implements a...

PT-2023-32736 · Ojs · Ojs

Name of the Vulnerable Software and Affected Versions: OJS affected versions not specified Description: A Cross-Site Request Forgery CSRF attack has been discovered, which forces an end user to execute unwanted actions on a web application in which they are currently authenticated. Recommendation...