6 matches found
PT-2026-5332
birkir prime = 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query...
EUVD-2024-24976
Malicious code in bioql PyPI...
CVE-2024-27783
Multiple cross-site request forgery (CSRF) weaknesses [CWE-352] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests...
CVE-2024-27783
Fortinet FortiAIOps 2.0.0 is affected by a CSRF vulnerability in its web UI, allowing an unauthenticated attacker to trick a victim into making HTTP GET requests that perform arbitrary actions on behalf of a logged-in user. Root cause: insufficient validation of requests from trusted users in the...
Server-side Request Forgery (SSRF)
batik-svgrasterizer is vulnerable to server-side request forgery (SSRF). This is possible because it does not prevent an attacker from making malicious GET requests on behalf of the server through the use of xlink:href attributes, which allows access to internal resources...
Armida Databased Web Server 1.0 - GET Remote Denial of Service
// source: https://www.securityfocus.com/bid/8017/info Armida Databased Web Server is reportedly prone to a remote denial of service when processing malicious GET requests. The problem occurs when processing requests containing excessive...