Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion
Summary The documents and files module in Admidio does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIEW authorization check getFolderForDownload / getFileForDownload...
EUVD-2025-14818
Malicious code in bioql PyPI...
CVE-2024-11141 Sailthru Triggermail < 1.1 - Subscriber+ Stored XSS
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection, which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2025-24387 Missing CSRF protection
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possibly malicious website would send the authentication cookie, performing an unwanted read operation. This issue...
Cross Site Request Forgery (CSRF)
mongo-express is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is due to missing CSRF protection on the /admin endpoint. An attacker can exploit this to perform unauthorized actions, such as deletion of a Collection...
Progress Software WS_FTP Server Cross-Site Request Forgery Vulnerability
Progress Software WS_FTP Server is an effective and highly manageable FTP server from Progress Software, Inc. A cross-site request forgery vulnerability exists in Progress Software WS_FTP Server versions prior to 8.8.2, which stems from a lack of cross-site request forgery (CSRF) protection...