774 matches found
EUVD-2024-39635
Malicious code in bioql PyPI...
EUVD-2023-26962
Malicious code in bioql PyPI...
EUVD-2024-0389
Malicious code in bioql PyPI...
EUVD-2024-17967
Malicious code in bioql PyPI...
EUVD-2022-25044
Malicious code in bioql PyPI...
EUVD-2023-59297
Malicious code in bioql PyPI...
EUVD-2022-25068
Malicious code in bioql PyPI...
CVE-2025-53095 Sunshine application-wide CSRF in the UI leads to command injection as Administrator
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can...
PT-2025-22955 · Gibbon · Gibbon
Name of the Vulnerable Software and Affected Versions: Gibbon versions prior to 29.0.00. Description: The issue allows for CSRF attacks. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited...
CVE-2024-6720
The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-2858
The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-23647
Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the code_challenge parameter to the authorization request and adds the code_verifier parameter to the token request. Prior to...
CVE-2024-3407
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-7698
A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks...
CVE-2024-51485
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...
CVE-2024-51487
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...
CVE-2024-51484
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to...
CVE-2024-6244
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-24336
A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and '/members/members-home.pl' endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and...
CVE-2024-8760
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration...