Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

ATTACKERKB
ATTACKERKBadded 2026/03/31 8:45 p.m.1 views

CVE-2026-34613

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

6.5CVSS5.9AI score0.00008EPSS
Exploits1References2Affected Software1
NVD
NVDadded 2025/12/11 11:15 p.m.1 views

CVE-2025-67780

SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 e.g., on Mini1prod2 allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker's ability to read tilt, rotation,...

4.2CVSS0.00018EPSS
Exploits1References1
CVE
CVEadded 2025/12/11 11:5 p.m.8 views

CVE-2025-67780

SpaceX Starlink Dish devices running firmware 2024.12.04.mr46620 are affected by CVE-2025-67780 due to unauthenticated LAN gRPC requests. The issue allows administrative actions via the diagnostic interface, and the cross-origin policy can be bypassed by omitting a Referer header, potentially ena...

4.2CVSS6.5AI score0.00018EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEVadded 2024/01/22 12:0 a.m.0 views

VulnCheck KEV: CVE-2021-21745

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click...

4.3CVSS6.7AI score0.36406EPSS
Exploits0References1
OSV
OSVadded 2021/10/20 4:15 p.m.0 views

CVE-2021-21745

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click...

4.3CVSS6.6AI score
Exploits0References1
Prion
Prionadded 2015/01/02 7:59 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in cgi-bin/ipinfo.cgi in IPCop aka IPCop Firewall before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING. NOTE: this can be used to bypass the cross-site request forgery CSRF protection mechanism by setting the Refere...

4.3CVSS6.5AI score0.00623EPSS
Exploits1References4Affected Software1
seebug.org
seebug.orgadded 2014/09/16 12:0 a.m.16 views

ecshop最新版csrf 下载数据库

简要描述: 太阳底下 详细说明: 测试版本,最新的2.7.4 beta1 目测2.7.3所有版本也都没有token 没有新鲜事。翻了好几遍厂商漏洞列表,确实没看到有人提过。 备份数据库的功能。 请求如下:有一个token的字段,但是默认为空,服务端也没有检查该字段,直接为空就可以请求成功。 同样,厂商采用了使用referer的方式来防御csrf,只要为空就可以绕过。可以说是这种防御是没有效果的。 构造好exp,管理员点击之后,在web目录下生成用户可控文件名的sql文件。可以直接下载。 漏洞证明: https://images.seebug.org/upload/201409/12165...

7.1AI score
Exploits0
Rows per page
Query Builder