15 matches found
GitLab 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-11990)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting...
EUVD-2021-0487
Malware in sbrugna...
EUVD-2017-0163
Malware in sbrugna...
EUVD-2015-2313
Malware in sbrugna...
CVE-2024-38863
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35 and 2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks...
CVE-2019-15515
Discourse 2.3.2 sends the CSRF token in the query string...
Moodle's mod_data edit/delete pages pass CSRF token in GET parameter
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages...
CVE-2025-3637
Moodle vulnerability CVE-2025-3637: CSRF protection data is exposed via the URL on mod_data edit and delete pages, allowing confidential information to be shared publicly. The issue is described as token exposure in GET parameters, specifically affecting Moodle’s mod_data edit/delete workflows. N...
CVE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages...
CVE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages...
CVE-2024-38863
Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35 and 2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks...
OESA-2021-1444 mailman security update
Mailman is free software for managing electronic mail discussion and e-newsletter lists. Mailman is integrated with the web, making it easy for users to manage their accounts and for list owners to administer their lists. Mailman supports built-in archiving, automatic bounce processing, content...
CVE-2020-28482
This affects the package fastify-csrf before 3.0.0. (1) The generated cookie used insecure defaults, and did not have the httpOnly flag on: `cookieOpts: { path: '/', sameSite: true }`. (2) The CSRF token was available in the GET query parameter...
BTFS: misconfigured CORS led to HPP and SOP bypass
Hello team, I found a bug on your website that let me bypass the SOP policy. Hope you fix it, everything is in the video https://www.youtube.com/watch?v=PYsU350S-s4 Impact: The attacker may direct a victim to a phishing page of www.bitterrent.com/login and he/she will be convinced to enter their ema...
CVE-2017-5943
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL...