9 matches found
EUVD-2025-3981
Malicious code in bioql PyPI...
CVE-2025-24900 Concorde CSRF vulnerability due to insecure configuration of authentication cookie attributes
Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In versions prior to...
CVE-2025-24900
Concorde (Nexkey) vulnerability: lack of CSRF protection and misconfigured cookies for MediaProxy authentication allow bypassing authentication, enabling image loading without restrictions. Affects versions prior to 12.25Q1.1 (SameSite attribute missing); prior to 12.24Q2.3 the same cookie also a...
CVE-2025-24900 Concorde CSRF vulnerability due to insecure configuration of authentication cookie attributes
Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In versions prior to...
CVE-2025-24900 Concorde CSRF vulnerability due to insecure configuration of authentication cookie attributes
Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In versions prior to...
DEF CON 2019: 35 Bugs in Office Printers Offer Hackers an Open Door
LAS VEGAS — At least 35 significant vulnerabilities have been uncovered in six commonly used enterprise printers manufactured by HP, Ricoh, Xerox, Lexmark, Kyocera and Brother. The bugs will be presented by NCC Group at a DEF CON session entitled “Why You Should Fear Your Mundane Office Equipmen...
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery...
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery
...
Automattic: HTML form without CSRF protection
HTML form without CSRF protection. Vulnerability description: Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts...