Lucene search

402 matches found

Positive Technologies · added 2024/04/17 12:00 a.m. · 4 views

PT-2024-25165 · Tibco · Tibco Jasperreports Server

Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions 8.0.4 through 8.2.0
Description: The issue allows for the injection of malicious executable scripts into the code of a trusted application, potentially leading to the theft of a user's active session cookie...

CVSS 8.3 · AI score 7.3 · EPSS 0.00436 · Exploits 0 · References 4
Positive Technologies · added 2024/04/15 12:00 a.m. · 4 views

PT-2024-24030 · Unknown · Pagelayer Popularfx

Name of the Vulnerable Software and Affected Versions: Pagelayer PopularFX versions 1.2.4 and earlier
Description: A Cross-Site Request Forgery (CSRF) issue affects Pagelayer PopularFX. This issue allows an attacker to perform unintended actions on a user's account.
Recommendations: For versions...

CVSS 4.3 · AI score 7.1 · EPSS 0.002 · Exploits 0 · References 5
Positive Technologies · added 2024/04/15 12:00 a.m. · 7 views

PT-2024-24076 · Unknown · Stefano Lissa & The Newsletter Team Newsletter

Name of the Vulnerable Software and Affected Versions: Stefano Lissa & The Newsletter Team Newsletter versions n/a through 8.0.6
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

CVSS 5.4 · AI score 6.7 · EPSS 0.00197 · Exploits 0 · References 4
Positive Technologies · added 2024/04/15 12:00 a.m. · 6 views

PT-2024-24578 · Unknown · Ads.Txt Admin

Name of the Vulnerable Software and Affected Versions: Ads.Txt Admin versions 1.3 and earlier
Description: A Cross-Site Request Forgery (CSRF) issue affects Ads.Txt Admin. This is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the...

CVSS 4.3 · AI score 6.5 · EPSS 0.00212 · Exploits 0 · References 3
BDU FSTEC · added 2024/04/06 12:00 a.m. · 2 views

A vulnerability in the application programming interface of the Ray client framework for scaling AI and Python applications allows an attacker to execute arbitrary commands.

The vulnerability of the Ray client framework for AI and Python application development lies in insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially crafted requests...

CVSS 10 · AI score 7.4 · EPSS 0.81512 · Exploits 6 · References 6 · Affected Software 1
Veracode · added 2024/04/02 5:59 a.m. · 25 views

Incorrect Authorization

quarkus is vulnerable to Incorrect Authorization. The vulnerability is due to improper sanitization or validation of certain character permutations when accepting requests. This can potentially lead to improper evaluation of permissions, resulting in a security bypass or Denial of Service...

CVSS 8.1 · AI score 6.8 · EPSS 0.01215 · Exploits 1 · References 15 · Affected Software 4
Veracode · added 2024/03/27 5:35 a.m. · 17 views

Cross-Site Request Forgery (CSRF)

anchorcms/anchor-cms is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper request validation, which allows an attacker to forge requests and execute unauthorized actions on behalf of authenticated users...

CVSS 7.4 · AI score 6.8 · EPSS 0.00251 · Exploits 1 · References 2 · Affected Software 1
Positive Technologies · added 2024/03/15 12:00 a.m. · 3 views

PT-2024-14146 · Unknown · Ari Stream Quiz

Name of the Vulnerable Software and Affected Versions: ARI Stream Quiz versions 1.2.32 and earlier
Description: A Cross-Site Request Forgery (CSRF) issue has been identified. This type of issue occurs when an application does not properly validate requests, allowing an attacker to trick a user into...

CVSS 8.8 · AI score 9.6 · EPSS 0.00221 · Exploits 0 · References 6
SUSE CVE · added 2024/03/07 4:25 a.m. · 1 views

SUSE CVE-2023-52508

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid(). The nvme_fc_fcp_op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvme_fc_io_getuuid passing a...

CVSS 5.5 · AI score 7.6 · EPSS 0.00225 · Exploits 0 · References 15
OSV · added 2024/03/06 10:50 a.m. · 21 views

BIT-APISIX-2022-25757 Apache APISIX: the body_schema check in request-validation plugin can be bypassed

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson chooses the last occurring value as the result. By passing JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,...

CVSS 9.8 · AI score 9.4 · EPSS 0.02384 · Exploits 0 · References 3
BDU FSTEC · added 2024/03/04 12:00 a.m. · 2 views

The vulnerability of the proactor1.2 service (/usr/sbin/proactor1.2/pro) in the firmware of Zyxel network interfaces and VPN devices allows attackers to bypass existing security restrictions.

The vulnerability of the proactor1.2 service (/usr/sbin/proactor1.2/pro) in the firmware of Zyxel network interfaces and VPN devices is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow an attacker to bypass existing security...

CVSS 10 · AI score 5.5 · Exploits 0 · References 1
Positive Technologies · added 2024/02/28 12:00 a.m. · 6 views

PT-2024-20497 · Native Grid Llc +2 · A No-Code Page Builder For Beautiful Performance-Based Content +2

Name of the Vulnerable Software and Affected Versions: A no-code page builder for beautiful performance-based content versions n/a through 2.1.20
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performin...

CVSS 8.8 · AI score 9.3 · EPSS 0.00277 · Exploits 0 · References 4
Positive Technologies · added 2024/02/28 12:00 a.m. · 2 views

PT-2024-14241 · Unknown · Easy Paypal & Stripe Buy Now Button

Name of the Vulnerable Software and Affected Versions: Easy PayPal & Stripe Buy Now Button versions 1.8.1 and earlier
Description: A Cross-Site Request Forgery (CSRF) issue affects the Easy PayPal & Stripe Buy Now Button. This issue allows for malicious requests to be made on behalf of the user...

CVSS 8.8 · AI score 9.4 · EPSS 0.00221 · Exploits 0 · References 7
BDU FSTEC · added 2024/02/21 12:00 a.m. · 1 views

The vulnerability of the ReportLab Python library for creating PDF files allows attackers to gain access to confidential data.

The vulnerability of the ReportLab Python library for creating PDF files is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data...

CVSS 6.8 · AI score 6.7 · EPSS 0.01487 · Exploits 1 · References 10 · Affected Software 4
BDU FSTEC · added 2024/02/14 12:00 a.m. · 3 views

The vulnerability of the XWiki platform, a collaborative web application, lies in insufficient validation of incoming requests. This allows attackers to gain unauthorized access to cookie files.

The vulnerability of the XWiki Platform lies in insufficient verification of incoming requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to cookie files...

CVSS 10 · AI score 7.6 · EPSS 0.0071 · Exploits 0 · References 4 · Affected Software 1
BDU FSTEC · added 2024/02/06 12:00 a.m. · 3 views

The vulnerability of the SAML components in Ivanti Connect Secure and Ivanti Policy Secure access control tools allows a perpetrator to disclose protected information.

The vulnerability of the SAML components in Ivanti Connect Secure and Ivanti Policy Secure network access control tools is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

CVSS 8.5 · AI score 7.9 · EPSS 0.99999 · Exploits 7 · References 3 · Affected Software 2
Positive Technologies · added 2024/01/31 12:00 a.m. · 2 views

PT-2024-19326 · WordPress · Freshmail For Wordpress

Name of the Vulnerable Software and Affected Versions: FreshMail For WordPress versions through 2.3.2
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application th...

CVSS 8.8 · AI score 8.8 · EPSS 0.00208 · Exploits 0 · References 5
BDU FSTEC · added 2024/01/25 12:00 a.m. · 1 views

The vulnerability of Nextcloud Server, cloud software for creating and using data storage, lies in insufficient checking of incoming requests, allowing attackers to carry out SSRF attacks.

The vulnerability of Nextcloud Server, cloud software for creating and using storage solutions, is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow a malicious actor to carry out an SSRF attack remotely...

CVSS 10 · AI score 7.8 · EPSS 0.00797 · Exploits 1 · References 4 · Affected Software 2
BDU FSTEC · added 2024/01/17 12:00 a.m. · 1 views

The vulnerability of the modVulnerabilityProtect module in the Trend Micro Apex Central security monitoring and management tool allows a threat actor to expose protected information.

The vulnerability of the modVulnerabilityProtect module of the Trend Micro Apex Central security management tool is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow a malicious actor to expose protected information...

CVSS 9.1 · AI score 7.2 · EPSS 0.00553 · Exploits 0 · References 5
Positive Technologies · added 2024/01/05 12:00 a.m. · 4 views

PT-2024-14425 · WordPress · White Label – Wordpress Custom Admin

Name of the Vulnerable Software and Affected Versions: White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard versions 2.9.0 and earlier
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user...

CVSS 8.8 · AI score 8.8 · EPSS 0.00223 · Exploits 0 · References 4