CVE-2026-49001
Cross-site request forgery (CSRF) vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data...
EUVD-2026-32109
Cross-site request forgery (CSRF) vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data...
WordPress plugin Sentence To SEO Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-14904
The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...
EUVD-2025-25003
Malicious code in bioql PyPI...
EUVD-2025-25063
Malicious code in bioql PyPI...
CVE-2023-7273 Cross Site Request Forgery in Kiteworks OwnCloud
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing...
CVE-2024-6299
Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker who has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date...
CVE-2021-36203
The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request...
CVE-2021-36203 Johnson Controls Metasys SCT Pro
The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request...
CVE-2022-27201
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...
Argo Server TLS requests could be forged by attacker with network access
Impact: We are not aware of any exploits. This is a proactive fix. Impacted: You are running Argo Server = v3.0 with --secure unspecified (note: running in secure mode is recommended regardless). The attacker is within your network. If you expose Argo Server to the Internet then "your network" is...
WordPress SuperStoreFinder Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A cross-site request forgery vulnerability exists in WordPress SuperStoreFinder. An attacke...
Authentication flaw
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism, which allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with...
CVE-2020-9454
A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploa...
XML External Entity (XXE)
PMD is vulnerable to XML external entity (XXE) attacks. XML external entities are being parsed in ruleset files, allowing an attacker who is able to tamper with the ruleset file to perform XXE attacks to forge requests or cause a denial of service condition...
ETchat 3.7 - Cross-Site Request Forgery
Exploit Title: ETchatpersian version CMS Xsrf vulnerability Exploit Author: Hesam Bazvand Contact: https://www.facebook.com/hesam.king73 Software Link: http://dl.20script.ir/script/chat/et-chat-3.7-Persianwww.20script.ir.zip Tested on: Windows 7 / Kali Linux Category: WebApps Dork : User Your Min...
phpMyFAQ Cross-Site Request Forgery Vulnerability
phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site request forgery vulnerability exists in phpMyFAQ because the application fails to properly validate the 'Interface Translation' translation function of the originating HTTP request. An unauthenticated remote attacker c...