12 matches found
CVE-2025-13282
TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use thes...
EUVD-2021-10078
Malware in sbrugna...
CVE-2021-22950
Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team"...
WordPress Timthumb Vulnerability Scanner Plugin <= 1.54 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Timthumb Vulnerability Scanner; Type: Plugin; Vulnerable versions: = 1.54; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-44240; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 3300c3b6e4af; Credits: emad...
WordPress plugin cross-site request forgery vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is a WordPress open source application plugin. A cross-site request forgery vulnerability exists in...
CVE-2021-22950
Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team"...
Session fixation
Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team"...
CVE-2021-22950
Concrete CMS prior to version 8.5.6 has a cross-site request forgery (CSRF) vulnerability that allows deletion of attachments in the conversation section comments. The issue is documented across multiple feeds (CVE-2021-22950) with an NVD CVSS 3.1 base score of 6.5 (Network, Low attack complexity...
CVE-2021-22950
Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team"...
muncha.com Cross Site Request Forgery vulnerability OBB-1460600
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
bahramshop.ir Cross Site Request Forgery vulnerability
Open Bug Bounty ID: OBB-863000; Security Researcher: calv1n; Helped patch 22043 vulnerabilities; Received 12 Coordinated Disclosure badges; Received 37 recommendations, a holder of 12 badges for responsible and coordinated disclosure, found a security vulnerability affecting bahramshop.ir website and...
ZPanel 10.0.0.2 htpasswd Module Username Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ZPanel 10.0.0.2...