7 matches found
EUVD-2025-5962
Malicious code in bioql PyPI...
EUVD-2025-5956
Malicious code in bioql PyPI...
code-server's session cookie can be extracted by having user visit specially crafted proxy URL
Summary A maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Details Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL https:///proxy/[email protected]/path would be...
Cross-Site Request Forgery (CSRF)
typo3/cms-form is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper handling of state-changing actions in downstream components, which incorrectly accept submissions via HTTP GET requests instead of enforcing the correct HTTP method. Misconfigured settings, such ...
GHSA-7R5Q-4QGX-V545 TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery
Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...
Mozilla Firefox < 1.0.1 Multiple Vulnerabilities
Binary data 2652.prm...
KICQ 1.0 - Arbitrary Command Execution
KICQ 1.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2443/info KICQ is an ICQ-compatible interactive messaging client for Unix. Versions of KICQ are vulnerable to remote execution of arbitrary commands embedded in URLs. A maliciously-composed URL containing shell...