PT-2026-39011
Name of the Vulnerable Software and Affected Versions: Langfuse versions 3.68.0 through 3.166.0
Description: A role-based access control flaw exists in the LLM connection update flow. An authenticated user with the "member" role in a project can request an update to an existing LLM connection by...
CVE-2024-37906 Admidio has Blind SQL Injection in ecard_send.php
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the /admprogram/modules/ecards/ecard_send.php source file of the Admidio Application. The SQL Injection results in a compromise of the...
CVE-2020-35972
An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html...
Cross-site request forgery (CSRF)
An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html...
CVE-2020-35972
The CVE-2020-35972 entry relates to YzmCMS V5.8 and describes a Cross-Site Request Forgery (CSRF) vulnerability in the endpoint member/member/add.html. The weakness allows an attacker to cause the creation of new member user accounts via CSRF requests, as reported across multiple sources (CNVD/CN...