14 matches found
CVE-2024-9183
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific...
EUVD-2023-1762
Malicious code in bioql PyPI...
IBM ApplinX Cross-Site Request Forgery Vulnerability
IBM ApplinX is an International Business Machines (IBM) product focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to construct a malicious URI, bait a request, an...
CVE-2023-35141
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...
FreeBSD : jenkins -- CSRF protection bypass vulnerability (b4db7d78-bb62-4f4c-9326-6e9fc2ddd400)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b4db7d78-bb62-4f4c-9326-6e9fc2ddd400 advisory. - In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the li...
Elecom ELECOM WRC-300FEBK-A Cross-Site Request Forgery Vulnerability
The ELECOM WRC-300FEBK-A is a wireless access device. The ELECOM WRC-300FEBK-A suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to construct a malicious URI, bait a request, and perform a malicious operation in the context of the target user...
WordPress Duplicator plugin cross-site request forgery vulnerability
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports the hosting of personal blog sites on servers running PHP and MySQL. Duplicator is one of the extension plugins used to migrate/clone a site to another location. A cross-si...
Microsoft Visual Studio Cross-Site Request Forgery Vulnerability
Microsoft Visual Studio is a family of development toolkits from Microsoft Corporation, USA. A cross-site request forgery vulnerability exists in Microsoft Visual Studio that allows remote attackers to construct malicious URIs, trick users into parsing them, which can be targeted to perform...
dotDefender Cross-Site Request Forgery Vulnerability
dotDefender is a suite of real-time network monitoring tools that provide comprehensive monitoring of networks, protection against malicious attacks by hackers, and more. A cross-site request forgery vulnerability exists in dotDefender that allows remote attackers to construct malicious URIs, tri...
Moodle Cross-Site Request Forgery Vulnerability (CNVD-2015-07745)
Moodle is a free, open source e-learning software platform. Moodle suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and can target user contexts to perform malicious actions...
Cisco MediaSense Cross-Site Request Forgery Vulnerability
Cisco MediaSense provides recording, playback, live streaming, and storage media, including audio and video, to improve customer service. A cross-site request forgery vulnerability exists in Cisco MediaSense that allows remote attackers to construct malicious URIs, trick users into parsing them,...
Drupal Decisions Module Cross-Site Request Forgery Vulnerability
Drupal is a free and open source content management system developed in PHP. A cross-site request forgery vulnerability exists in Drupal Decisions, which allows remote attackers to construct malicious URIs, trick users into parsing them, and can target user contexts to perform malicious actions...
ASUS RT-G32 Cross-Site Request Forgery Vulnerability
The ASUS RT-G32 is a router device. A cross-site request forgery vulnerability exists in ASUS RT-G32 routers, which allows remote attackers to construct malicious URIs, trick users into parsing them, and can perform malicious actions in the context of the target user...
Moodle Glossary Cross-Site Request Forgery Vulnerability
Moodle is an open source web-based teaching and learning application. A cross-site request forgery vulnerability exists in Moodle Glossary, which could be exploited by remote attackers to construct malicious URIs, trick users into parsing them, and could be used to perform malicious actions in th...