5 matches found
CVE-2025-43767
Open Redirect vulnerability in /c/portal/editinfoitem parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this...
Magento Improper Authorization vulnerability
Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity...
HackerOne: Staff and Triage can modify the initial post of a report, including of already disclosed reports
The initial post of a report on HackerOne could be modified by program members and Triage, allowing them to change the information and potentially manipulate the narrative of the report...
CVE-2023-26839
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site...
WUZHI CMS Cross-Site Request Forgery Vulnerability (CNVD-2019-09137)
WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL, from the five fingers (WUZHI) company. WUZHI CMS 4.1.0 has a cross-site request forgery vulnerability; an attacker can change the super administrator's username via index.php?m=core&f=panel&v=editinf to take advantage of this...