33 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-3902
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an...
OpenClaw has an unspecified vulnerability (CNVD-2026-13382)
OpenClaw is an open-source artificial intelligence assistant. A security vulnerability arises because Discord audit operation processing uses the sender identity supplied in the request parameters, which an attacker can exploit to request an audit operation by...
CVE-2025-69203 Signal K Server Vulnerable to Access Request Spoofing
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against...
ROS-20251203-06
A vulnerability in the Varnish web content caching software is related to incorrect HTTP/1 request validation. Exploitation of the vulnerability could allow a remote attacker to perform HTTP request spoofing attacks...
EUVD-2020-2438
Malware in sbrugna...
ROS-20251002-02
A vulnerability in the Netty networking software is associated with incorrect validation of HTTP/1.1 requests. Exploitation of the vulnerability could allow an attacker acting remotely to perform spoofing attacks against HTTP requests...
WordPress Like & Share My Site plugin Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Like & Share My Site plugin, which arises from a web application that does not adequately validate whether a...
Laundry System Cross-Site Request Forgery Vulnerability
Laundry System is a laundry system. The Laundry System suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could exploit this vulnerability to spoof a malicious reque...
ROS-20250430-04
A vulnerability in the libsoup library of the GNOME GUI is related to an infinite loop when reading WebSocket data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. GNOME GUI libsoup library vulnerability is related to NULL pointer dereferenci...
D-Link DIR-859 Security Vulnerability
The D-Link DIR-859 is a wireless router from China AUO D-Link. A security vulnerability exists in the D-Link DIR-859 v1.05 and earlier versions. An attacker can exploit this vulnerability to obtain a username and password by spoofing a POST request to the /getcfg.php page...
CVE-2025-24502
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address...
CVE-2025-23044
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit...
Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38217)
Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the editcategorie.php component not adequately verifying that a request comes from a...
Prometheus Security Vulnerability
Prometheus is open source software written in the Go language for recording real-time metrics from time series databases built using the HTTP pull model. An unspecified vulnerability exists in Prometheus Exporter Toolkit versions 0.7.2 and prior to 0.8.2, which can be exploited by an attacker to...
Mysiteforme Code Issue Vulnerability
Mysiteforme is a privilege management system. A security vulnerability exists in Mysiteforme version v2.2.1, which can be exploited by an attacker to spoof requests to the server side...
Johnson Controls Metasys system Code Issue Vulnerability
Johnson Controls Metasys system is a building automation system from Johnson Controls. A code issue vulnerability exists in the Johnson Controls Metasys system that allows an attacker to identify and spoof requests to an internal system via specially crafted requests...
A vulnerability in the HTTP handler of the SAP UI5 software allows attackers to compromise the integrity of protected information.
The vulnerability in the HTTP handler of the SAP UI5 software application is related to the ability to bypass authentication through spoofing. Exploiting this vulnerability allows an attacker to affect the integrity of the protected information...
CVE-2015-6036
CVE-2015-6036 affects QNAP Signage Station prior to version 2.0.1. An unauthenticated attacker can bypass authentication by sending a spoofed HTTP request, enabling remote upload of files to the server. The vulnerability is documented across multiple sources (NVD description aligns with the bypas...
A vulnerability in the firmware of the Cisco TelePresence Serial Gateway allows an attacker to access the authentication data of arbitrary users.
The vulnerability in the firmware of the Cisco TelePresence Serial Gateway device is related to cross-site request forgery. Exploiting this vulnerability can allow a remote attacker to gain access to the authentication data of arbitrary users...