11 matches found
CVE-2026-41663
Admidio has a CSRF flaw (CVE-2026-41663) affecting versions prior to 5.0.9. The vulnerability lies in the preferences module where backup, test_email, and htaccess operations are executed via GET requests without CSRF validation, allowing exploitation via SameSite=Lax cookies to trigger actions o...
CVE-2026-41663 Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send
Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...
OpenProject Code Issue Vulnerability
OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 had code vulnerabilities. These vulnerabilities stemmed from SMTP test endpoints and Webhooks, which allowed any host and port value to be accepted, potentially leading to internal network...
CVE-2026-22601 OpenProject is Vulnerable to Code Execution in E-Mail function
OpenProject is an open-source, web-based project management software. For OpenProject versions 16.6.1 and below, a registered administrator can execute arbitrary commands by configuring the sendmail binary path and sending a test email. This issue has been patched in version 16.6.2...
EUVD-2022-5224
Malicious code in bioql PyPI...
PT-2024-14910 · WordPress · Eventon Pro
Name of the Vulnerable Software and Affected Versions: The EventON PRO - WordPress Virtual Event Calendar Plugin plugin versions up to, and including, 4.6.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the admin test email functio...
WordPress plugin Revision Manager TMC Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2021-19616 · Axis Communications +1 · Axis Os +3
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a user-controlled parameter in the SMTP test functionality that is not correctly validated. This allows an attacker to bypass...
Stripo Inc: XSRF Token is Not being validated when sending emails test request which lead to CSRF attack using the flash file + 307 redirect technique
XSRF Token is Not being validated when sending emails test request which lead to CSRF attack using the flash file + 307 redirect technique...
WordPress Email Test Plugin <= 1.5 - Order Information Disclosure
This plugin is prone to an order information disclosure vulnerability. Solution Update the plugin...
WordPress Email Test Plugin <= 1.5 - Order Information Disclosure
This plugin is prone to an order information disclosure vulnerability. Solution Update the plugin...