
15 matches found

Tenable Nessus
added 2026/02/12 12:0 a.m. | 6 views

GitLab 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-11990)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows:
- GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting...

CVSS 3.5 | AI score 5.7 | EPSS 0.00258
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-0487

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.0098
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 14 views

EUVD-2017-0163

Malware in sbrugna...

CVSS 5 | AI score 6.3 | EPSS 0.04397
Exploits: 1 | References: 15

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2015-2313

Malware in sbrugna...

CVSS 5 | AI score 9.2 | EPSS 0.03263
Exploits: 0 | References: 13

RedhatCVE
added 2025/05/23 10:44 a.m. | 7 views

CVE-2024-38863

Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35 and 2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks...

CVSS 7.5 | AI score 6.8 | EPSS 0.00411
Exploits: 0

RedhatCVE
added 2025/05/22 8:26 a.m. | 10 views

CVE-2019-15515

Discourse 2.3.2 sends the CSRF token in the query string...

CVSS 6.5 | AI score 7 | EPSS 0.00615
Exploits: 0 | References: 1

Github Security Blog
added 2025/04/25 3:31 p.m. | 10 views

Moodle's mod_data edit/delete pages pass CSRF token in GET parameter

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages...

CVSS 3.1 | AI score 6.8 | EPSS 0.00296
Exploits: 0 | References: 7 | Affected Software: 1

CVE
added 2025/04/25 2:42 p.m. | 76 views

CVE-2025-3637

Moodle vulnerability CVE-2025-3637: CSRF protection data is exposed via the URL on mod_data edit and delete pages, allowing confidential information to be shared publicly. The issue is described as token exposure in GET parameters, specifically affecting Moodle’s mod_data edit/delete workflows. N...

CVSS 3.1 | AI score 3.9 | EPSS 0.00296
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/04/25 2:42 p.m. | 17 views

CVE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages...

CVSS 3.1 | AI score 7.1 | EPSS 0.00296
Exploits: 0 | References: 3

Cvelist
added 2025/04/25 2:42 p.m. | 18 views

CVE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages...

CVSS 3.1 | EPSS 0.00296
Exploits: 0 | References: 3

OSV
added 2024/10/14 8:15 a.m. | 6 views

CVE-2024-38863

Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35 and 2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks...

CVSS 7.5 | AI score 7
Exploits: 0 | References: 1

OSV
added 2021/11/26 11:3 a.m. | 2 views

OESA-2021-1444 mailman security update

Mailman is free software for managing electronic mail discussion and e-newsletter lists. Mailman is integrated with the web, making it easy for users to manage their accounts and for list owners to administer their lists. Mailman supports built-in archiving, automatic bounce processing, content...

CVSS 6.5 | AI score 7.2 | EPSS 0.01284
Exploits: 0 | References: 3

OSV
added 2021/01/19 3:15 p.m. | 17 views

CVE-2020-28482

This affects the package fastify-csrf before 3.0.0.
1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true }
2. The CSRF token was available in the GET query parameter...

CVSS 8.8 | AI score 6.8
Exploits: 0 | References: 2

Hacker One
added 2020/05/06 9:37 p.m. | 135 views

BTFS: misconfigured CORS led to HPP and SOP bypass

Hello team, I found a bug on your website that let me bypass the SOP policy. Hope you fix it, everything is in the video https://www.youtube.com/watch?v=PYsU350S-s4
Impact: The attacker may direct a victim to a phishing page of www.bitterrent.com/login and he/she will be convinced to enter their ema...

AI score 7.2
Exploits: 0

OSV
added 2017/07/03 4:29 p.m. | 5 views

CVE-2017-5943

Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL...

CVSS 8.8 | AI score 8.5
Exploits: 0 | References: 3