Lucene search
+L

10 matches found

nvd
nvd
added last week6 views

CVE-2026-59214

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...

9CVSS0.00285EPSS
Exploits0References1
osv
osv
added 2025/05/15 7:23 p.m.9 views

GO-2025-3683 Vulnerable to CSRF due to non-functional same-origin request checks in github.com/justinas/nosurf

Vulnerable to CSRF due to non-functional same-origin request checks in github.com/justinas/nosurf...

6.1CVSS6.1AI score0.00211EPSS
Exploits2References5
osv
osv
added 2020/08/31 10:48 p.m.14 views

GHSA-6QQJ-RX4W-R3CJ CSRF Vulnerability in jquery-ujs

Versions 1.0.3 and earlier of jquery-ujs are vulnerable to an information leakage attack that may enable attackers to launch CSRF attacks, as it allows attackers to send CSRF tokens to external domains. When an attacker controls the href attribute of an anchor tag, or the action attribute of a fo...

6.5CVSS6.9AI score
Exploits0References4
typo3
typo3
added 2020/05/12 12:0 a.m.21 views

Same-Origin Request Forgery to Backend User Interface

It has been discovered that the backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server - scripts are then executed with the privilege...

6.8CVSS2.9AI score0.00699EPSS
Exploits0Affected Software1
seebug
seebug
added 2017/12/29 12:0 a.m.48 views

Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

6.8AI score
Exploits0
zdt
zdt
added 2016/12/31 12:0 a.m.62 views

Dell SonicWALL Global Management System GMS 8.1 Adobe Flex SOP Bypass Vulnerability

Dell SonicWALL GMS versions 8.1 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking i? Dell SonicWALL Global Management System GMS 8.1 Adobe Flex SOP Bypass Vendor: Dell Inc. Product web page:...

7AI score0.07973EPSS
Exploits5
zeroscience
zeroscience
added 2016/12/29 12:0 a.m.148 views

Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

4.3CVSS5.7AI score0.07973EPSS
Exploits5
seebug
seebug
added 2016/01/27 12:0 a.m.26 views

Ruby on Rails jquery-ujs和jquery-rails安全绕过漏洞

Impact In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" note the leading space that will be passed to JQuery, who...

7.1AI score
Exploits0
rubygems
rubygems
added 2015/06/16 12:0 a.m.28 views

CSRF Vulnerability in jquery-rails

In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" note the leading space that will be passed to JQuery, who will s...

5CVSS6.3AI score0.04397EPSS
Exploits1References1Affected Software1
threatpost
threatpost
added 2015/03/23 11:38 a.m.28 views

Adobe CVE-2011-2461 Remains Exploitable Via Flex Four Years After Patch

UPDATE: This article has been updated to add commentary and clarification from Adobe. A four year old Adobe Flash patch did not properly resolve a vulnerable Flex application, and attackers can exploit the bug, which is said to affect some 30 percent of Alexa’s top 10 most popular sites in the...

4.3CVSS8.4AI score0.07973EPSS
Exploits5References4
Rows per page
Query Builder