EUVD-2022-38532
Malicious code in bioql PyPI...
CVE-2022-35656
Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly...
Pray For Me <= 1.0.4 - Settings Update via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Make a logged in admin open an HTML file containing:...
POEditor < 0.9.8 - Settings Reset via CSRF
Description: The plugin does not have CSRF checks in various places, which could allow attackers to make logged-in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks. document.forms0.submit;...
Contact Form Builder by vcita <= 4.10.2 - Settings Update Via CSRF
The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin's settings, and on older versions...
CVE-2023-1651 ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF checks in the AJAX action responsible for updating the OpenAI settings, allowing any authenticated user, such as a subscriber, to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to...
Pegasystem PEGA Platform Cross-Site Request Forgery Vulnerability
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications such as BPM (Business Process Management), Case Management, Real-Time Decision Making and CRM (Customer Relationship Management). A cross-site request forgery...
CVE-2022-35656
CVE-2022-35656 affects Pegasystem PEGA Platform versions 8.3–8.7.3. The issue allows an authenticated security administrator to directly alter CSRF settings due to a CSRF-related weakness. Affected software is Pegasystem PEGA Platform; root cause relates to CSRF setting handling. Impact per sourc...