Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6932

The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify t...

4.3CVSS5.4AI score0.00132EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:48 a.m.11 views

CVE-2026-6932

The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify t...

4.3CVSS5.7AI score0.00132EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/16 3:30 p.m.7 views

EUVD-2013-7290

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

6.9CVSS5.7AI score0.00232EPSS
Exploits1References4
NVD
NVD
added 2026/03/06 1:16 p.m.3 views

CVE-2018-25186

Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user...

6.9CVSS0.00136EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/06 12:19 p.m.4 views

CVE-2018-25190 Easyndexer 1.0 Cross-Site Request Forgery via createuser.php

Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username,...

6.9CVSS5.7AI score0.0013EPSS
Exploits1References2
CVE
CVE
added 2026/03/06 12:19 p.m.12 views

CVE-2018-25190

Easyndexer 1.0 is affected by a CSRF in createuser.php that enables unauthenticated attackers to create administrative accounts by submitting forged POSTs with username, password, name, surname, and privileges=1. CVSS v3.1: 5.3 (NETWORK, LOW CA/PR, NONE UI) with I/L; CVSS v4.0: 6.9 (NETWORK, LOW ...

6.9CVSS5.7AI score0.0013EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25186

Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user...

6.9CVSS5.7AI score0.00136EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 12:19 p.m.2 views

CVE-2018-25186 Tina4 Stack 1.0.3 Cross-Site Request Forgery via profile

Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user...

6.9CVSS5.7AI score0.00136EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/17 9:34 p.m.1 views

Authentication Bypass Using an Alternate Path or Channel

Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Telegram webhook endpoint when webhook mode is enabled without a configured secret. An attacker can...

9.8CVSS5.8AI score0.00255EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.5 views

PT-2025-52492

Name of the Vulnerable Software and Affected Versions Galette versions prior to 1.2.0 Description Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, it was possible to gain higher privileges by updating an existing account using a self-forged...

9.8CVSS6.7AI score0.00255EPSS
Exploits0References6
Rows per page
Query Builder