24 matches found
EUVD-2018-12593
Malware in sbrugna...
EUVD-2014-8170
Malware in sbrugna...
EUVD-2020-23533
Malware in sbrugna...
EUVD-2018-3439
Malware in sbrugna...
EUVD-2022-29939
Malicious code in bioql PyPI...
EUVD-2023-3158
Malicious code in bioql PyPI...
EUVD-2023-3280
Malicious code in bioql PyPI...
PT-2025-30069 · Unknown · Student-Manage
Name of the Vulnerable Software and Affected Versions: StudentManage version 1.0. Description: The software contains a Cross-Site Request Forgery (CSRF) issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2021-29624
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service...
CVE-2021-34086
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests...
CVE-2019-17237
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF...
PYSEC-2023-266
Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the executi...
Security update for cacti, cacti-spine (important)
openSUSE Security Update: Security update for cacti, cacti-spine. Announcement ID: openSUSE-SU-2021:0755-1. Rating: important. References: 1180804. Cross-References: CVE-2020-35701. CVSS scores: CVE-2020-35701 (NVD): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Affected Products: openSUSE Leap 15.2...
Backdoor.Win32.Agent.aak Code Execution / Cross Site Request Forgery
Discovery / credits: Malvuln - malvuln.com (c) 2021. Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582aB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak. Vulnerability: Cross Site Request Forgery (CSRF) - Code Execution. Descriptio...
Responsive Menu < 4.0.4 - CSRF to Settings Update
"Attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site." function submitRequest var xhr = new...
CVE-2020-7988
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...
The Official Facebook Chat Plugin < 1.3 - CSRF
The The Official Facebook Chat Plugin WordPress plugin was affected by a CSRF security vulnerability...
CVE-2018-18760
RhinOS 3.0 build 1190 allows CSRF...
CSRF vulnerability in Multisite Post Duplicator could allow an attacker to do almost anything an admin user can do (WordPress plugin)
Description: CSRF vulnerability in Multisite Post Duplicator could allow an attacker to do almost anything an admin user can do. Vulnerability: Contains a CSRF vulnerability which can copy content from one site of a multisite installation t...
WordPress Peter's Login Redirect 2.9.0 XSS / CSRF
Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin. Yorick Koster, July 2016...