CVE-2022-31520

The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

EUVD-2023-60183

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform...

Cross-site Request Forgery (CSRF)

Apache Geode is vulnerable to cross-site request forgery CSRF. The vulnerability is due to unsafe acceptance of state-changing GET requests in the Management and Monitoring REST API, allowing attackers who obtain a user’s session credentials to trigger malicious commands on behalf of the...

PT-2025-50527

Name of the Vulnerable Software and Affected Versions Screen SFT DAB version 1.9.3 Description Screen SFT DAB version 1.9.3 has an authentication issue. An attacker can bypass authentication by reusing IP-bound session identifiers due to weak session management. This allows unauthorized requests ...

CVE-2025-64499 Tuleap is missing CSRF protections for its planning management API

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

EUVD-2025-201837

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

CVE-2025-64499 Tuleap is missing CSRF protections for its planning management API

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

PT-2025-49607

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

CVE-2023-7328 Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values...

CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...

Ubiquiti UniFi Access Application 安全漏洞

Ubiquiti UniFi Access Application is an access control system from Ubiquiti, Inc. A security vulnerability exists in the Ubiquiti UniFi Access Application versions 3.3.22 through 3.4.31, which stems from an exposed management API and lack of proper authentication, which could lead to unauthorized...

CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...

CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...

CVE-2025-52665

CVE-2025-52665 affects UniFi Access Application 3.3.22–3.4.31, where a misconfigured management API is exposed without proper authentication, allowing attackers on the management network to access management functions. Affected component: the UniFi Access management API; root cause: misconfigurat...

PT-2025-43553

Name of the Vulnerable Software and Affected Versions UniFi Access Application versions 3.3.22 through 3.4.31 Description A misconfiguration in the UniFi Access application exposes a management API without proper authentication. An attacker with access to the management network could exploit this...

CVE-2025-47410

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

EUVD-2025-34997

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

GHSA-GJP8-99FV-CGCW Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

CVE-2025-47410

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the Management and Monitoring REST API when processing GET requests. An attacker can execute arbitrary commands on the target system by tricking an authenticated user into submitting malicious request...