CVE-2024-7035
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...
CVE-2024-7035 Cross-Site Request Forgery (CSRF) in open-webui/open-webui
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...
CVE-2021-41719
The Maharashtra State Electricity Distribution Company Limited (Mahavitran) iOS application, versions up to and including 16.1, communicates using the GET method to process requests that contain sensitive information such as the user account name and password, which can expose that information through the...
Maharashtra State Electricity Distribution Mahavitran security vulnerability
Maharashtra State Electricity Distribution Mahavitran is a renewable energy portal of Maharashtra State Electricity Distribution, India. A security vulnerability exists in Maharashtra State Electricity Distribution Mahavitran version 16.1 and earlier, which stems from the use of the GET method fo...
CVE-2025-26473
The Mojave Inverter uses the GET method for sensitive information...
CVE-2025-26473 Outback Power Mojave Inverter Use of GET Request Method With Sensitive Query Strings
The Mojave Inverter uses the GET method for sensitive information...
Outback Power Mojave Inverter security vulnerability
Outback Power Mojave Inverter is an AC inverter from Outback Power. A security vulnerability exists in the Outback Power Mojave Inverter that originates from the ability to obtain sensitive information using the GET method...
CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
PT-2025-3148 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...
PT-2025-3149 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...
CVE-2024-52590 Missing validation allows spoofed profiles in Misskey
Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to...
A vulnerability in the GET method of the software management interface in Dell OpenManage Server Administrator (OMSA) one-to-one mode allows attackers to elevate their privileges.
The vulnerability in the GET method of the software management interface in Dell OpenManage Server Administrator (OMSA) one-to-one mode is caused by deficiencies in the authentication process. Exploiting it could allow a malicious actor to gain elevated privileges remotely...
CVE-2024-45760
Dell OpenManage Server Administrator (Dell OMSA) — affected: version 11.0.1.0 and prior. Vulnerability: improper access control allowing a remote, low-privilege user to perform unauthorized actions with elevated privileges via HTTP GET. Impact per sources: potential elevation of privilege; no exp...
PT-2024-9309 · Dell · Dell Openmanage Server Administrator
Name of the Vulnerable Software and Affected Versions: Dell OpenManage Server Administrator versions 11.0.1.0 and prior Description: The issue is related to an improper access control vulnerability in the Dell OpenManage Server Administrator. This vulnerability can be exploited by a remote...
CVE-2024-45791 Apache HertzBeat: Exposure sensitive token via http GET method with query string
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue...
CVE-2024-6673
A Cross-Site Request Forgery CSRF vulnerability exists in the installcomfyui endpoint of the lollmscomfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...