49 matches found

NVD
added 2026/05/29 4:16 p.m., 8 views

CVE-2018-25391

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/modpengurus/aksipengurus.php module=pengurus&act=hapus and...

CVSS 8.7, EPSS 0.00044
Exploits: 0, References: 4

Vulnrichment
added 2026/05/29 2:46 p.m., 11 views

CVE-2018-25391 HaPe PKH 1.1 Missing Authorization Allows Unauthenticated Record Deletion

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/modpengurus/aksipengurus.php module=pengurus&act=hapus and...

CVSS 8.7, AI score 5.9, EPSS 0.00044
Exploits: 0, References: 4

CNNVD
added 2026/05/29 12:00 a.m., 5 views

Sitejo HaPe PKH Security Vulnerability

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains a security vulnerability. This vulnerability stems from the lack of authorization for the record deletion endpoint, which may allow unauthenticated...

CVSS 8.7, AI score 5.8, EPSS 0.00044
Exploits: 0, References: 4

Positive Technologies
added 2026/05/29 12:00 a.m., 8 views

PT-2026-44869

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/mod pengurus/aksi pengurus.php module=pengurus&act=hapus and...

CVSS 8.7, AI score 5.9, EPSS 0.00044
Exploits: 0, References: 5

CVE
added 2026/05/27 7:56 a.m., 8 views

CVE-2026-40836

CVE-2026-40836 describes an unauthenticated SQL Injection in the inmessage model that can be exploited by a low-privileged remote attacker. The vulnerability arises from improper neutralization of special elements in a SQL DELETE command, enabling reading of the entire database and deletion of en...

CVSS 7.1, AI score 6, EPSS 0.00039
Exploits: 0, References: 1

Positive Technologies
added 2026/05/26 12:00 a.m., 6 views

PT-2026-43254

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

CVSS 8.6, AI score 6.2, EPSS 0.00043
Exploits: 0, References: 8

Vulnrichment
added 2026/05/12 10:33 p.m., 6 views

CVE-2026-44548 ChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)

ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with the relevant role to silently delete records,...

CVSS 8.1, AI score 5.7, EPSS 0.00017
Exploits: 0, References: 1

RedhatCVE
added 2026/05/12 2:21 p.m., 8 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add) are vulnerable to CSRF. An attacker who can...

CVSS 8.1, AI score 6, EPSS 0.00016
Exploits: 1, References: 1

CNNVD
added 2026/05/12 12:00 a.m., 3 views

ChurchCRM Cross-Site Request Forgery Vulnerability

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.3.2 contained a cross-site request forgery vulnerability. This vulnerability originated from a top-level cross-site GET navigation request and could potentially allow logged-in users to delete records...

CVSS 8.1, AI score 5.7, EPSS 0.00017
Exploits: 0, References: 1

CVE
added 2025/12/12 3:20 a.m., 6 views

CVE-2025-13987

CVE-2025-13987 affects the WordPress plugin Purchase and Expense Manager up to version 1.1.2. The issue is a Cross-Site Request Forgery (CSRF) due to missing nonce validation in the function sup_pt_handle_deletion. This allows unauthenticated attackers to delete arbitrary purchase records by tri...

CVSS 4.3, AI score 5.1, EPSS 0.00011
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-5680

Malware in sbrugna...

CVSS 6.5, AI score 6.5, EPSS 0.0044
Exploits: 2, References: 9

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-13574

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00317
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-0454

Malware in sbrugna...

CVSS 5.9, AI score 5.8, EPSS 0.00187
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-14137

Malware in sbrugna...

CVSS 6.5, AI score 4.9, EPSS 0.00204
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2012-2105

Malware in sbrugna...

CVSS 3.5, AI score 6, EPSS 0.00466
Exploits: 1, References: 15

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-41454

Malicious code in bioql PyPI...

CVSS 7.7, AI score 6.5, EPSS 0.00094
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 7:16 a.m., 4 views

CVE-2024-40332

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecorddeal.php?mudi=delRecord...

CVSS 8.8, AI score 8.9, EPSS 0.00067
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:28 p.m., 5 views

CVE-2021-26787

A cross-site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur during record deletion via the Time-off parameter...

CVSS 6.1, AI score 5.7, EPSS 0.00317
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 5:18 a.m., 3 views

CVE-2019-14726

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account...

CVSS 6.5, AI score 6.9, EPSS 0.0022
Exploits: 1, References: 1

RedhatCVE
added 2025/02/05 3:44 a.m., 7 views

CVE-2024-45392

SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue...

CVSS 7.7, AI score 6.9, EPSS 0.00094
Exploits: 0, References: 1