Lucene search
K

371 matches found

cnvd
cnvd
added 2025/06/10 12:0 a.m.3 views

Traffic Offense Reporting System Cross-Site Request Forgery Vulnerability

Traffic Offense Reporting System is a traffic violation reporting system. The Traffic Offense Reporting System suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker cou...

8.8CVSS6.8AI score0.00263EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/06/06 12:0 a.m.7 views

PT-2025-24330 · Undefined · Undefined

GitHub - Moulish2004/CVE-2025-44603-CSRF-Leads to Create FakeUsers: CSRF can create fake users by tricking an authenticated user into submitting a malicious request. The web app trusts the session, allowing unauthorized account creation, leading https://t.co/xCEocK40CA...

6.5AI score
Exploits0References1
exploitdb
exploitdb
added 2025/06/05 12:0 a.m.349 views

CloudClassroom PHP Project 1.0 - SQL Injection

Exploit Title: CloudClassroom PHP Project 1.0 - SQL Injection Google Dork: inurl:CloudClassroom-PHP-Project-master Date: 2025-05-30 Exploit Author: Sanjay Singh Vendor Homepage: https://github.com/mathurvishal/CloudClassroom-PHP-Project Software Link:...

7.3CVSS7.4AI score0.00995EPSS
Exploits3
vulnrichment
vulnrichment
added 2025/05/23 3:37 p.m.14 views

CVE-2025-48376 Dnn.Platform's Site Import could use an external source with a crafted request

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...

3.5CVSS3.8AI score0.00214EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 10:41 a.m.7 views

CVE-2024-47828

ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects Playlist, smartlist etc.. Cross-Site Request Forgery CSRF is an attack that forces authenticated users to submit a request to a Web application against which they a...

6.5CVSS7AI score0.00288EPSS
Exploits1
redhatcve
redhatcve
added 2025/05/23 12:46 a.m.9 views

CVE-2022-4023

The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...

5.3CVSS6.6AI score0.003EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/22 10:6 p.m.11 views

CVE-2022-39358

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in...

6.5CVSS6.7AI score0.00439EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:54 p.m.8 views

CVE-2022-2456

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility ...

4.9CVSS6.4AI score0.00792EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:24 p.m.19 views

CVE-2021-29416

An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB...

6.5CVSS6.7AI score0.01149EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 4:42 p.m.8 views

CVE-2020-5140

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service DoS on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7,...

7.5CVSS7AI score0.01763EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 4:17 p.m.13 views

CVE-2020-13510

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at ...

6.5CVSS6.5AI score0.00375EPSS
Exploits1
redhatcve
redhatcve
added 2025/05/22 3:23 p.m.8 views

CVE-2020-26264

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly...

6.5CVSS6.7AI score0.01864EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 8:48 a.m.8 views

CVE-2019-6814

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...

9.8CVSS6.9AI score0.3665EPSS
Exploits4References1
redhatcve
redhatcve
added 2025/05/22 8:46 a.m.11 views

CVE-2019-6651

In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request...

5.3CVSS6.9AI score0.01102EPSS
Exploits0References1
github
github
added 2025/05/19 10:16 p.m.20 views

Multer vulnerable to Denial of Service from maliciously crafted requests

Impact A vulnerability in Multer versions =1.4.4-lts.1 allows an attacker to trigger a Denial of Service DoS by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Patches Users should upgrade to 2.0.0 Workarounds None...

7.5CVSS6.8AI score0.00697EPSS
Exploits0References5Affected Software1
snyk
snyk
added 2025/05/15 6:31 p.m.1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to the improper verification of user permissions when accessing groups. An attacker can view unauthorized group information by crafting a malicious API request. Remediation Upgrade...

5.3CVSS6.7AI score0.00257EPSS
Exploits0References2
snyk
snyk
added 2025/05/15 6:31 p.m.1 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization due to the improper verification of user permissions when accessing groups. An attacker can view unauthorized group...

5.3CVSS6.7AI score0.00257EPSS
Exploits0References2
redhat
redhat
added 2025/05/13 5:18 p.m.5 views

golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

A flaw was found in the golang-jwt implementation of JSON Web Tokens JWT. In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an...

7.5CVSS7.1AI score0.00693EPSS
Exploits0References7
cnnvd
cnnvd
added 2025/04/22 12:0 a.m.6 views

Moodle 跨站请求伪造漏洞

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site request forgery vulnerability that stems from the lack of an anti-cross-site request forgery...

8.8CVSS6.7AI score0.00254EPSS
Exploits0References3
cnvd
cnvd
added 2025/04/18 12:0 a.m.6 views

SAP NetWeaver Application Server Code Injection Vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. A code injection vulnerability exists in SAP NetWeaver Application Server, which arises from improper authentication checks, where an attacker constructs a malicious RFC request to a restricted target. The vulnerability...

8.5CVSS7.4AI score0.00481EPSS
Exploits0References1
Rows per page
Query Builder