401 matches found
GatesAir Maxiva security vulnerability
GatesAir Maxiva is a series of transmitters from GatesAir USA. A security vulnerability exists in the GatesAir Maxiva UAXT Transmitter and VAXT Transmitter that stems from improperly validated POST request processing when debug mode is enabled, resulting in remote code execution...
PT-2025-7193
Name of the Vulnerable Software and Affected Versions: Post Thumbs versions n/a through 1.5. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
CVE-2024-34084
Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...
CVE-2024-56200
Altair is a fork of Misskey v12. In affected versions, a lack of request validation and a lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...
PT-2025-5101 · Unknown · Style Admin
Name of the Vulnerable Software and Affected Versions: Style Admin versions n/a through 1.4.3. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web applicatio...
USN-7203-1: PowerDNS vulnerabilities
Wei Hao discovered that PowerDNS Authoritative Server incorrectly handled memory when accessing certain files. An attacker could possibly use this issue to achieve arbitrary code execution. CVE-2018-1046 It was discovered that PowerDNS Authoritative Server and PowerDNS Recursor incorrectly handle...
CVE-2024-56200
CVE-2024-56200 affects Altair (fork of Misskey v12). Affected versions lack request validation and authentication in the image proxy used for compressing/resizing remote files, enabling attacks that can degrade availability by spiking CPU or network load. The issue is fixed in v12.24Q4.1; upgradi...
CVE-2024-56200 Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy
Altair is a fork of Misskey v12. In affected versions, a lack of request validation and a lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...
The vulnerability of the Ruijie Reyee OS operating system’s proxy server allows a hacker to execute an SSRF attack.
The vulnerability of the Ruijie Reyee OS operating system’s proxy server is related to insufficient checking of requests on the server side. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...
PT-2024-36254 · Gitsync · Gitsync
Name of the Vulnerable Software and Affected Versions: GitSync versions n/a through 1.1.0. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Code Injection. This means an attacker can trick a user into performing unintended actions on a web application,...
PT-2024-36272 · Unknown · Push Monkey Pro – Web Push Notifications +1
Name of the Vulnerable Software and Affected Versions: Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart versions n/a through 3.9. Description: The issue is a Cross-Site Request Forgery (CSRF) problem, which allows for Cross Site Request Forgery. This means an attacker can tric...
The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java software for creating and deploying web applications allows an attacker to perform an SSRF attack.
The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java web application development and deployment framework is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack using a...
PT-2024-9306 · Sap · Sap Netweaver Administrator
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Administrator, affected versions not specified. Description: The issue allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests, potentially resulting in...
PT-2024-35839 · Unknown · April's Call Posts
Name of the Vulnerable Software and Affected Versions: April's Call Posts versions n/a through 2.1.1. Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
The vulnerability of the Notes Station application for QNAP network storage, related to insufficient validation of incoming requests, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the Notes Station application for QNAP network storage devices is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by manipulating requests sent...
Cross-site Request Forgery (CSRF)
wallabag is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient request validation, allowing attackers to arbitrarily delete user accounts via the /account/delete endpoint...
CVE-2021-27701
SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/Modify any random user data by sending a crafted CSRF request...