CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

200 matches found

CNVD•added 2019/07/09 12:0 a.m.•2 views

Flarum Cross-Site Request Forgery Vulnerability

Flarum is an open source forum system. A cross-site request forgery vulnerability exists in Flarum versions prior to 0.1.0-beta.9. The vulnerability stems from a networked system or product that does not adequately validate the origin or authenticity of data, which can be exploited by an attacker...

8.8CVSS6.7AI score0.00196EPSS

Exploits0References1

Veracode•added 2019/07/08 11:7 a.m.•19 views

Cross-Site Request Forgery (CSRF)

flarum/core is vulnerable to cross-site request forgery CSRF. The application was not able to determine the authenticity and origin of requests received due to a lack of anti-CSRF tokens. This allows remote attackers to submit unwanted requests on behalf of users when the users are tricked into...

8.8CVSS8.5AI score0.00196EPSS

Exploits0References3Affected Software1

NVD•added 2019/07/07 3:15 p.m.•13 views

CVE-2019-13183

Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings...

8.8CVSS8.8AI score0.00196EPSS

Exploits0References3

OSV•added 2019/07/07 3:15 p.m.•0 views

CVE-2019-13183

Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings...

8.8CVSS7.4AI score

Exploits0References3

Prion•added 2019/07/07 3:15 p.m.•9 views

Cross site request forgery (csrf)

Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings...

6.8CVSS8.7AI score0.00196EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2019/07/07 3:15 p.m.•1 views

CVE-2019-13183

Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings...

8.8CVSS5.5AI score0.00196EPSS

Exploits0References4

Cvelist•added 2019/07/07 2:34 p.m.•11 views

CVE-2019-13183

Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings...

8.8AI score0.00196EPSS

Exploits0References3

CVE•added 2019/07/07 2:34 p.m.•39 views

CVE-2019-13183

CVE-2019-13183 : Flarum before 0.1.0-beta.9 is vulnerable to cross-site request forgery (CSRF) on all POST endpoints, demonstrated by changing admin settings. The issue affects Flarum open-source forum software prior to the 0.1.0-beta.9 release; no explicit root-cause details beyond CSRF exposure...

8.8CVSS8.7AI score0.00196EPSS

Exploits0References3Affected Software1

Prion•added 2019/04/25 3:29 a.m.•9 views

Command injection

User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens...

5CVSS7.5AI score0.00237EPSS

Exploits0References2Affected Software1

NVD•added 2019/04/25 3:29 a.m.•11 views

CVE-2019-11514

User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens...

7.5CVSS7.5AI score0.00237EPSS

Exploits0References2

OSV•added 2019/04/25 3:29 a.m.•5 views

CVE-2019-11514

User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens...

7.5CVSS6.9AI score

Exploits0References2

Cvelist•added 2019/04/25 2:59 a.m.•11 views

CVE-2019-11514

User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens...

7.5AI score0.00237EPSS

Exploits0References2

CVE•added 2019/04/25 2:59 a.m.•40 views

CVE-2019-11514

Summary (CVE-2019-11514): In Flarum core, the file User/Command/ConfirmEmailHandler.php mishandles invalidation of user email tokens prior to 0.1.0-beta.8. This creates insecure session management where email tokens can be reused, potentially enabling a remote attacker to gain access to a user ac...

7.5CVSS7.5AI score0.00237EPSS

Exploits0References2Affected Software1

CNVD•added 2019/03/05 12:0 a.m.•1 views

SQL Injection Vulnerability in FlarumChina Frontend

FlarumChina is an open source Chinese version of Flarum forum software. A SQL injection vulnerability exists in FlarumChina version v0.1.0-beta.7C. A remote attacker can exploit this vulnerability by sending a request to execute SQL commands...

9.8CVSS8.3AI score0.00264EPSS

Exploits1References1

Veracode•added 2018/11/12 1:49 a.m.•11 views

Insecure Direct Object Reference

flarum/core is vulnerable to insecure direct object reference. An attacker is able to exploit the vulnerability to modify user information which can possibly lead to a full account takeover...

5.3CVSS5.4AI score0.00194EPSS

Exploits0References2Affected Software1

NVD•added 2018/11/09 11:29 a.m.•11 views

CVE-2018-19133

In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address...

5.3CVSS5.2AI score0.00194EPSS

Exploits0References1

OSV•added 2018/11/09 11:29 a.m.•15 views

CVE-2018-19133

In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address...

5.3CVSS6.8AI score

Exploits0References1

Prion•added 2018/11/09 11:29 a.m.•9 views

Design/Logic Flaw

In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address...

5CVSS5.2AI score0.00194EPSS

Exploits0References1Affected Software1

CVE•added 2018/11/09 11:0 a.m.•42 views

CVE-2018-19133

CVE-2018-19133 involves Flarum Core 0.1.0-beta.7.1, where a flaw leads to exposure of user email addresses (PII). The connected Red Hat/GHSA entries reinforce the same description of a privacy leak, but the provided documents do not specify the root cause details, affected code paths, or a remedi...

5.3CVSS5.2AI score0.00194EPSS

Exploits0References1Affected Software1

Cvelist•added 2018/11/09 11:0 a.m.•13 views

CVE-2018-19133

In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address...

5.2AI score0.00194EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by