11 matches found

Vulnrichment
added 2026/03/23 12:16 p.m., 4 views

CVE-2026-31849 Missing CSRF Protection on Administrative Endpoints in Nexxt Nebula 300+

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an...

CVSS 7.2, AI score 5.8, EPSS 0.00117
Exploits: 0, References: 2

Github Security Blog
added 2026/03/16 9:18 p.m., 7 views

Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion

Summary The documents and files module in Admidio does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIEW authorization check getFolderForDownload / getFileForDownload...

CVSS 9.1, AI score 5.9, EPSS 0.00323
Exploits: 1, References: 3, Affected Software: 1

EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2025-14818

Malicious code in bioql PyPI...

CVSS 6.3, AI score 6.5, EPSS 0.00163
Exploits: 1, References: 2

Cvelist
added 2025/05/15 8:06 p.m., 13 views

CVE-2024-11141 Sailthru Triggermail < 1.1 - Subscriber+ Stored XSS

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection, which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...

EPSS 0.00149
Exploits: 1, References: 1

Vulnrichment
added 2025/05/15 8:06 p.m., 6 views

CVE-2024-11141 Sailthru Triggermail < 1.1 - Subscriber+ Stored XSS

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection, which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...

AI score 5.8, EPSS 0.00149
Exploits: 1, References: 1

Vulnrichment
added 2025/04/17 12:00 a.m., 9 views

CVE-2025-29722

A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints...

AI score 6.8, EPSS 0.00163
Exploits: 1, References: 2

Vulnrichment
added 2025/03/10 9:28 a.m., 18 views

CVE-2025-24387 Missing CSRF protection

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes on sensitive cookies in HTTPS sessions. A request to an OTRS endpoint from a possibly malicious web site would send the authentication cookie, performing an unwanted read operation. This issue...

CVSS 4.8, AI score 7.1, EPSS 0.0014
Exploits: 0, References: 1

Cvelist
added 2025/03/10 9:28 a.m., 22 views

CVE-2025-24387 Missing CSRF protection

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes on sensitive cookies in HTTPS sessions. A request to an OTRS endpoint from a possibly malicious web site would send the authentication cookie, performing an unwanted read operation. This issue...

CVSS 4.8, EPSS 0.0014
Exploits: 0, References: 1

Veracode
added 2024/03/04 3:49 a.m., 20 views

Cross Site Request Forgery (CSRF)

mongo-express is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is due to missing CSRF protection on the /admin endpoint. An attacker can exploit this to perform unauthorized actions, such as deleting a Collection...

CVSS 6.1, AI score 7, EPSS 0.00206
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2023/09/27 12:00 a.m., 3 views

Progress Software WS_FTP Server Cross-Site Request Forgery Vulnerability

Progress Software WS_FTP Server is an effective and highly manageable FTP server from Progress Software, Inc. A cross-site request forgery vulnerability exists in Progress Software WS_FTP Server versions prior to 8.8.2, which stems from a lack of cross-site request forgery (CSRF) protection...

CVSS 6.8, AI score 6.7, EPSS 0.00351
Exploits: 0, References: 3

ATTACKERKB
added 2022/04/04 4:15 p.m., 6 views

CVE-2022-0403

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is known to be affected by security issue CVE-2021-32682, and does not have any authorisation or CSRF checks in its connector AJAX action, allowing any authenticated users,...

CVSS 8.1, AI score 7.7, EPSS 0.01231
Exploits: 2, References: 2

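The entries above all describe the same defect class: a state-changing handler (the /goform/setSysTools and /admin style endpoints mentioned above) that trusts only the session cookie the browser attaches automatically, so a page on another origin can drive it with the victim's authority. The block below is an added example and is not code from any of the listed projects or advisories. It shows such a handler once without protection and once with the two server-side checks a practitioner would expect: an Origin/Referer check that fails closed, and a session-bound synchronizer token. The site origin, session id, request shapes and the "reboot" action are all constructed here for illustration.

```python
"""Added example: CSRF defence for a state-changing endpoint (not code from
any advisory or project listed above). Requests are plain dicts constructed
for illustration; a real framework would hand over a request object."""
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

SITE_ORIGIN = "https://router.example"   # assumption: the application's own origin
TOKEN_KEY = secrets.token_bytes(32)        # server-side secret, generated per process


def make_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session via HMAC, so a token obtained
    in one session cannot be replayed in another."""
    return hmac.new(TOKEN_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def origin_allowed(headers: dict) -> bool:
    """Accept the request only if Origin (or, failing that, Referer) names our
    own origin. No header at all is treated as cross-site (fail closed)."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    u = urlparse(src)
    return f"{u.scheme}://{u.netloc}" == SITE_ORIGIN


def vulnerable_handler(request: dict) -> dict:
    """The pattern the advisories describe: a valid session cookie is the only
    thing checked, and the browser sends that cookie on cross-site requests."""
    if request["cookies"].get("session") is None:
        return {"status": 401}
    return {"status": 200, "applied": request["form"]}


def hardened_handler(request: dict) -> dict:
    """Same endpoint with an Origin check and a per-session token check."""
    session = request["cookies"].get("session")
    if session is None:
        return {"status": 401}
    if not origin_allowed(request["headers"]):
        return {"status": 403, "reason": "cross-site origin"}
    expected = make_csrf_token(session)
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):   # constant-time comparison
        return {"status": 403, "reason": "bad csrf token"}
    applied = {k: v for k, v in request["form"].items() if k != "csrf_token"}
    return {"status": 200, "applied": applied}


# Constructed sample traffic (not captured from any real device or site).
SESSION = "sess-abc123"


def forged_request() -> dict:
    """What an attacker-controlled page on another origin can make the victim's
    browser send: the session cookie goes along automatically, the browser sets
    Origin to the attacker's site, and there is no token because the attacker
    cannot read one out of the victim's page."""
    return {
        "cookies": {"session": SESSION},
        "headers": {"Origin": "https://attacker.example"},
        "form": {"action": "reboot"},
    }


def legitimate_request() -> dict:
    """A submission from the application's own page, carrying its token."""
    return {
        "cookies": {"session": SESSION},
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"action": "reboot", "csrf_token": make_csrf_token(SESSION)},
    }


if __name__ == "__main__":
    print("vulnerable, forged request:", vulnerable_handler(forged_request()))
    print("hardened,   forged request:", hardened_handler(forged_request()))
    print("hardened,   legitimate    :", hardened_handler(legitimate_request()))
```

The Origin check fails closed when neither Origin nor Referer is present, and the token is compared with hmac.compare_digest rather than ==. Setting the SameSite attribute on the session cookie (the kind of missing cookie attribute the OTRS entries above refer to) is a complementary browser-side control, not a replacement for the server-side check: SameSite=Lax still lets top-level GET navigations carry the cookie, so a handler that changes state on GET remains exposed.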