Lucene search

22 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-52524

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00103
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-23518

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.4 · EPSS 0.00069
Exploits 0 · References 3

Veracode
added 2025/09/01 12:1 p.m. · 3 views

Cross-Site WebSocket Hijacking (CSWSH)

github.com/komari-monitor/komari is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). The vulnerability is due to disabled origin checking, which allows an attacker to hijack authenticated user WebSocket connections...

AI score 6.8
Exploits 0

Positive Technologies
added 2025/08/12 12:0 a.m. · 9 views

PT-2025-33680 · Komari · Komari

Name of the Vulnerable Software and Affected Versions: Komari versions prior to 1.0.4-fix1. Description: Komari is a server monitoring tool. A Cross-Site WebSocket Hijacking (CSWSH) issue exists in the WebSocket upgrader due to disabled origin checking, potentially allowing remote code execution...

CVSS 8.6 · AI score 7.9 · EPSS 0.00837
Exploits 0 · References 15

RedHat Linux
added 2025/08/04 6:2 p.m. · 1 views

aap-gateway: CSRF origin checking is disabled

A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda...

CVSS 5.3 · AI score 5.7 · EPSS 0.00069
Exploits 0 · References 4

RedhatCVE
added 2025/08/04 3:16 p.m. · 3 views

CVE-2025-5988

A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda. Mitigation: Use HTTPS on the platform ingress if possible. Since this is a problem in edge-terminated...

CVSS 5.3 · AI score 7.1 · EPSS 0.00069
Exploits 0 · References 3

Vulnrichment
added 2025/08/04 3:16 p.m. · 3 views

CVE-2025-5988 Aap-gateway: csrf origin checking is disabled

A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda...

CVSS 5.3 · AI score 7.2 · EPSS 0.00069
Exploits 0 · References 3

Positive Technologies
added 2025/08/04 12:0 a.m. · 3 views

PT-2025-31820 · Unknown · Ansible Aap-Gateway

Name of the Vulnerable Software and Affected Versions: Ansible aap-gateway (affected versions not specified). Description: A flaw exists in Ansible aap-gateway where cross-site request forgery (CSRF) origin checking is not performed on requests originating from the gateway to external components,...

CVSS 5.3 · AI score 6.1 · EPSS 0.00069
Exploits 0 · References 8

RedhatCVE
added 2025/05/23 12:55 a.m. · 9 views

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack...

CVSS 6.5 · AI score 6.7 · EPSS 0.00103
Exploits 0 · References 1

Tenable Nessus
added 2022/12/16 12:0 a.m. · 55 views

Siemens Web Server Login Page of Industrial Controllers Cross-Site Request Forgery (CVE-2022-30694)

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. This plugin only works with Tenable.ot. Please visit...

CVSS 6.5 · AI score 6.5 · EPSS 0.00103
Exploits 0 · References 3

OSV
added 2022/11/08 11:15 a.m. · 2 views

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 1

NVD
added 2022/11/08 11:15 a.m. · 18 views

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack...

CVSS 6.5 · EPSS 0.00103
Exploits 0 · References 1

Prion
added 2022/11/08 11:15 a.m. · 26 views

Cross site request forgery (csrf)

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack...

CVSS 4.3 · AI score 6.3 · EPSS 0.00103
Exploits 0 · References 1 · Affected Software 23

Cvelist
added 2022/11/08 12:0 a.m. · 18 views

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack...

CVSS 6.5 · AI score 6.5 · EPSS 0.00103
Exploits 0 · References 1

CVE
added 2022/11/08 12:0 a.m. · 122 views

CVE-2022-30694

Summary: CVE-2022-30694 is a CSRF vulnerability in the Siemens web server login endpoint "/FormLogin" that can allow an authenticated attacker to track other users’ activities by bypassing origin checks. The issue affects multiple Siemens products including SIMATIC Drive Controllers, SIMATIC ET 2...

CVSS 6.5 · AI score 4.6 · EPSS 0.00103
Exploits 0 · References 1 · Affected Software 3

Vulnrichment
added 2022/11/08 12:0 a.m. · 3 views

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack...

CVSS 6.5 · AI score 6.3 · EPSS 0.00103
Exploits 0 · References 1

Hacker One
added 2019/06/08 2:0 a.m. · 95 views

Upserve : DOM Based XSS via postMessage at https://inventory.upserve.com/login/

Description DOM based XSS is possible at https://inventory.upserve.com/login/ due to insecure origin checking when receiving a postMessage. POC 1. Visit https://hq.upserve.com.████████/upservexss.html 2. Click link 3. View alert on https://inventory.upserve.com Vulnerable Code javascript...

AI score 0.8
Exploits 0

0day.today
added 2018/09/03 12:0 a.m. · 47 views

Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions) Vulnerability

Exploit for php platform in category web applications Exploit Title: Admidio 3.3.5 - Cross-Site Request Forgery Change Permissions Author: Nawaf Alkeraithe Vendor Homepage: https://www.admidio.org/ Software Link:...

AI score 0.7
Exploits 0

exploitpack
added 2018/09/03 12:0 a.m. · 28 views

Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)

Admidio 3.3.5 - Cross-Site Request Forgery Change Permissions Exploit Title: Admidio 3.3.5 - Cross-Site Request Forgery Change Permissions Author: Nawaf Alkeraithe Date: 2018-09-01 Vendor Homepage: https://www.admidio.org/ Software Link:...

AI score 0.8
Exploits 0

Exploit DB
added 2018/09/03 12:0 a.m. · 34 views

Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)

Exploit Title: Admidio 3.3.5 - Cross-Site Request Forgery Change Permissions Author: Nawaf Alkeraithe Date: 2018-09-01 Vendor Homepage: https://www.admidio.org/ Software Link: https://sourceforge.net/projects/admidio/files/Admidio/3.3.x/admidio-3.3.5.zip/download Version: 3.3.5 Tested on: PHP CVE...

AI score 7
Exploits 0