CVE-2018-25354 Joomla Component jomres 9.11.2 Cross-Site Request Forgery

Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to chan...

CVE-2026-45243

Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read,...

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

PT-2026-41720

Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description A missing authorization issue exists in the content script window.postMessage bridge. This allows malicious pages to simulate runtime messages using spoofed sender identifiers, enabling unauthoriz...

CVE-2020-37241

CVE-2020-37241 affects bloofoxCMS 0.5.2.1 and describes a cross-site request forgery (CSRF) that enables an attacker to perform administrative actions by luring a logged-in admin to visit a malicious page. The attack can craft hidden requests targeting the admin user-creation endpoint to add new ...

EUVD-2026-29944

ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations...

SAP SAPUI5 安全漏洞

SAP SAPUI5 is a JavaScript application framework developed by the German company SAP. There is a security vulnerability in SAP SAPUI5, which allows unauthenticated attackers to manipulate specific URL parameters containing malicious content. This could lead victims to clicking on and accessing...

CVE-2016-20053

Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...

EUVD-2026-12464

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using...

CVE-2017-20221

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...

CVE-2016-20035 Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

CVE-2020-37118

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...

CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...

CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...

CVE-2026-22918

CVE-2026-22918 describes missing protection against clickjacking that could allow an attacker to trick users into performing unintended actions on malicious pages, potentially leading to the extraction of sensitive data. The core description is echoed across multiple connected sources (NVD, Red H...

CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...

PT-2026-2999

Name of the Vulnerable Software and Affected Versions affected versions not specified Description An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, potentially leading to the extraction of...

CVE-2022-50925

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specif...

CVE-2020-10912

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...