HSEC-2026-0002 Hackage CSRF vulnerability
Vulnerable File: src/Distribution/Server/Features/Votes.hs (example). Impact: can forge requests through XSS. hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly...
rails_admin ruby cross-site request forgery vulnerability
rails_admin ruby is a Rails engine that provides interfaces for managing data. A cross-site request forgery vulnerability exists in versions of rails_admin ruby prior to 1.1.1, which stems from non-GET methods failing to validate a cross-site request forgery token. An attacker could...
UBUNTU-CVE-2016-10522
rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
UBUNTU-CVE-2014-0032
The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as...