10 matches found
CVE-2024-23687
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...
CVE-2017-8930
Multiple cross-site request forgery CSRF vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can 1 create new administrator user accounts and take over the entire application, 2 create regular user accounts, or 3 change...
CVE-2025-20125
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation o...
CVE-2025-20125
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation o...
CVE-2025-20125 Cisco Identity Services Engine Insufficient Authorization Bypass Vulnerability
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation o...
WordPress plugin WPlite 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WPlite plugin 1.3.1 and earlier versions are vulnerable to cross-site request forgery, whic...
Proofpoint Insider Threat Management Server 安全漏洞
Proofpoint Insider Threat Management Server is a server-side application from Proofpoint, Inc. for preventing malicious operations by enterprise insiders. An authorization bypass vulnerability exists in Proofpoint Insider Threat Management Server versions prior to 7.11.1, which stems from the...
CrushFTP 7.2.0 Cross Site Request Forgery / Cross Site Scripting
======================================================== I. Overview ======================================================== Multiple CSRF & Cross-Site Scripting XSS vulnerabilities have been identified in Crushftp 7.2.0 Web Interface on default configuration. These vulnerabilities allows an...
Golabi CMS <= 1.0.1 Session Poisoning Vulnerability
No description provided by source. -------------------------------------------------------------------------------- \ \ / \ | | / \ /\ \ \ \ | |/ /\ \ / \ / / | | \ | | // / / \ / | \ | / // /| | \ /|| / / | /| /\ / \ / / / // / /// /...
CVE-2008-3736
Multiple cross-site request forgery CSRF vulnerabilities in 1 System Consultants La!Cooda WIZ 1.4.0 and earlier and 2 SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that a change passwords or b change configurations...