PT-2026-43462

Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description A cross-site request forgery CSRF issue exists in the 2FA toggle functionality. The endpoint "plugin/LoginControl/set.json.php" accepts POST requests with the parameters type=set2FA and value=false ...

Directory Traversal

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Directory Traversal via the index function in MediaBrowserController when the fileRemove action is triggered and user input is concatenated with the...

EUVD-2022-4403

Malicious code in bioql PyPI...

EUVD-2022-0611

Malicious code in bioql PyPI...

Cross site request forgery (csrf)

solidusfrontend is the cart and storefront for the Solidus e-commerce project. Versions of solidusfrontend prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery CSRF vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions...