CVE-2016-20083 WordPress More Fields Plugin 2.1 Cross-Site Request Forgery

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...

CVE-2026-44976

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

CVE-2025-65962

Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are mission CSRF protections in its tracker field dependencies,...

PT-2019-1105 · Npm +6 · Npm Cli +6

Name of the Vulnerable Software and Affected Versions: npm CLI versions prior to 6.13.3 Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. Exploitation may allow a remote attacker to write arbitrary files by creating a symbolic link to...