
13 matches found

CNNVD
added 2025/10/30 12:0 a.m. · 2 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to 5.7.5 and CCM versions prior to 3.0.8, which...

CVSS: 5.4 · AI score: 6 · EPSS: 0.00341
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-0063

Malicious code in bioql PyPI...

CVSS: 6.5 · AI score: 6.3 · EPSS: 0.00218
Exploits: 0 · References: 4

Rockylinux
added 2025/05/07 7:11 p.m. · 12 views

perl:5.32 security update

An update is available for module.perl-Params-Check, module.perl-PerlIO-via-QuotedPrint, perl-Fedora-VSP, perl-Module-Build, perl-Math-BigRat, perl-Data-Section, module.perl-inc-latest, module.perl-Term-Cap, module.perl-Package-Generator, module.perl-autodie, perl-Sys-Syslog, perl-Params-Check,...

CVSS: 7.8 · AI score: 6.3 · EPSS: 0.00832
Exploits: 0

Veracode
added 2025/01/22 5:12 a.m. · 8 views

Cross-Site Request Forgery (CSRF)

typo3/cms-lowlevel is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of deep links in the backend user interface, caused by insufficient enforcement of HTTP methods and reliance on misconfigured security settings and allows an attacker to manipulate...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.00218
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2025/01/14 7:14 p.m. · 7 views

CVE-2024-55945 Cross-Site Request Forgery in DB Check Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS: 4.3 · AI score: 6.8 · EPSS: 0.00218
Exploits: 0 · References: 2

Cvelist
added 2025/01/14 7:14 p.m. · 35 views

CVE-2024-55945 Cross-Site Request Forgery in DB Check Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS: 4.3 · EPSS: 0.00218
Exploits: 0 · References: 2

OSV
added 2025/01/14 7:14 p.m. · 4 views

CVE-2024-55945 Cross-Site Request Forgery in DB Check Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS: 4.3 · AI score: 6.7 · EPSS: 0.00218
Exploits: 0 · References: 4

CVE
added 2025/01/14 7:14 p.m. · 58 views

CVE-2024-55945

CVE-2024-55945 affects TYPO3 (notably the DB Check Module in the TYPO3 backend). The issue is a CSRF vulnerability in deep-linking that can enable state-changing actions to be performed via unauthorized submissions, if an attacker lures a logged-in backend user to a malicious URL. Exploitation re...

CVSS: 6.5 · AI score: 4.6 · EPSS: 0.00218
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2025/01/14 3:42 p.m. · 8 views

GHSA-8MV3-37RC-PVXJ TYPO3 DB Check Module vulnerable to Cross-Site Request Forgery

Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

CVSS: 4.3 · AI score: 4.5 · EPSS: 0.00218
Exploits: 0 · References: 4

Positive Technologies
added 2025/01/14 12:0 a.m. · 5 views

PT-2025-3160 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptible to Cross-Site Request Forgery (CSRF). State-changing actions in...

CVSS: 4.3 · AI score: 6.8 · EPSS: 0.00218
Exploits: 0 · References: 7

Metasploit
added 2021/04/16 5:42 p.m. · 303 views

Citrix ADC (NetScaler) Directory Traversal RCE

This module exploits a directory traversal in Citrix Application Delivery Controller ADC, aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload. Module Options msf use exploit/freebsd/http/citrixdirtraversalrce msf exploitcitrixdirtraversalrce show...

CVSS: 9.8 · AI score: 9.9 · EPSS: 0.99999
Exploits: 48

Prion
added 2017/02/14 6:59 a.m. · 10 views

Design/Logic Flaw

An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in...

CVSS: 3.5 · AI score: 7.3 · EPSS: 0.0051
Exploits: 0 · References: 2 · Affected Software: 1

CNVD
added 2016/11/30 12:0 a.m. · 2 views

BigTree CMS 'check-module-integrity.php' Cross-Site Scripting Vulnerability

BigTree CMS is an open source content management system. A cross-site scripting vulnerability exists in BigTree CMS 'check-module-integrity.php'. An attacker could exploit the vulnerability to execute arbitrary script code in a user's browser while browsing the affected site to steal cookie-based...

AI score: 6.7
Exploits: 0 · References: 1