GHSA-FPJ4-9QHX-5M6M DNN: Force Friend Request Acceptance

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...

CVE-2026-0562

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function in backend/routers/friends.py does not implement proper authorization checks, enabling Insecure Direct...

Our PR team awarded me the “The Best Positive Speaker 2025” metal pin for public speaking, articles, and media commentary

Our PR team awarded me the “The Best Positive Speaker 2025” metal pin for public speaking, articles, and media commentary. Huge thanks to my colleagues for this! I’m very pleased. 😇 The collection is growing. 😉 This time, the pin is styled like the Friends sitcom logo. It’s made of metal, coated...

CVE-2021-22449

There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device...

Pretty Mail by FriendsOfFlarum 安全漏洞

Pretty Mail by FriendsOfFlarum is an open source tool from Friends of Flarum that allows you to make custom html templates for emails. A security vulnerability exists in Pretty Mail by FriendsOfFlarum version 1.1.2, which stems from a server-side template injection in an email template that could...

CVE-2025-12827

The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...

CVE-2025-12827

The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...

EUVD-2025-197943

The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...

CVE-2025-12827 Top Friends <= 0.3 - Cross-Site Request Forgery to Settings Update

The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...

CVE-2025-12827

CVE-2025-12827 (Top Friends) : The WordPress Top Friends plugin is vulnerable to Cross-Site Forgery (CSRF) in all versions up to 0.3 due to missing nonce validation in the top_friends_options_subpanel() function. This allows unauthenticated attackers to modify plugin settings by tricking an admin...

PT-2025-47262

Name of the Vulnerable Software and Affected Versions Top Friends plugin for WordPress versions prior to 0.4 Description The Top Friends plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is caused by a lack of nonce validation within the top friends options subpanel...

WordPress plugin Top Friends 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request forgery...

WordPress Top Friends plugin <= 0.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Ivan Cese in WordPress Plugin Top Friends versions = 0.3...

CVE-2025-13279 code-projects Nero Social Networking Site profilefriends.php sql injection

A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and...

CVE-2025-63441

Open Source Social Network OSSN 8.6 is vulnerable to Cross Site Scripting XSS via the parameter param at endpoint u/administrator/friends...

EUVD-2025-37507

Open Source Social Network OSSN 8.6 is vulnerable to Cross Site Scripting XSS via the parameter param at endpoint u/administrator/friends...

CVE-2025-63441

Open Source Social Network OSSN 8.6 is vulnerable to Cross Site Scripting XSS via the parameter param at endpoint u/administrator/friends...

CVE-2025-63441

Open Source Social Network OSSN 8.6 is vulnerable to Cross Site Scripting XSS via the parameter param at endpoint u/administrator/friends...

CVE-2025-63441

Open Source Social Network OSSN 8.6 is vulnerable to Cross Site Scripting XSS via the parameter param at endpoint u/administrator/friends...

CVE-2025-63441

Open Source Social Network OSSN 8.6 is vulnerable to Cross Site Scripting XSS via the parameter param at endpoint u/administrator/friends...