134 matches found
CVE-2022-45413
Using the S.browserfallbackurl parameter parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. This issue only affects Firefox for Android. Other operating systems are not affected.. This vulnerability affects Firefox 107...
CVE-2021-43807
Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE...
CVE-2025-28355
Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery CSRF allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none...
PT-2025-17332 · Unknown · Volmarg Personal Management System
Name of the Vulnerable Software and Affected Versions: Volmarg Personal Management System version 1.4.65 Description: The issue allows attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none. This is related to Cross Site...
CVE-2025-28355
Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery CSRF allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none...
CVE-2025-28355
Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery CSRF allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none...
CVE-2025-28355
Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery CSRF allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none...
Cross-site Request Forgery in diagnostics app - ownCloud
Improper handling of CSRF protection in the diagnostics app in combination with the SameSite-Cookie setting being set to None allows cross site invocation of an admin API...
Mozilla Firefox and Thunderbird Security Bypass Vulnerability (CNVD-2024-34595)
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in Mozilla Firefox and Thunderbird, which can be exploited by attackers to bypass security restrictions caused b...
Internet Bug Bounty: Argo CD CSRF leads to Kubernetes cluster compromise
Cross-Site Request Forgery CSRF in github.com/argoproj/argo-cd CVE-2024-22424 Severity: High Impact The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.16 are vulnerable to a cross-server request forgery CSRF attack when the attacker has the ability to write HTML to a page on the sa...
Cross site request forgery (csrf)
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery CSRF attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...
CVE-2024-22424 Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery CSRF attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...
CVE-2024-22424 Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery CSRF attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...
Cross site request forgery (csrf)
pyLoad is a free and open-source Download Manager written in pure Python. The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery CSRF attac...
Rocky Linux 8 : firefox (RLSA-2022:8554)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8554 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined wi...
IBM Security Guardium 安全漏洞
IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an information disclosur...
Amazon Linux 2 : firefox (ALASFIREFOX-2023-009)
The version of firefox installed on the remote host is prior to 102.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-009 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing informatio...
CVE-2023-37277
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML...
Cross site request forgery (csrf)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML...
CVE-2023-30674
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie...