Lucene search
K

134 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:17 a.m.5 views

CVE-2022-45413

Using the S.browserfallbackurl parameter parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. This issue only affects Firefox for Android. Other operating systems are not affected.. This vulnerability affects Firefox 107...

6.1CVSS6.1AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:36 p.m.11 views

CVE-2021-43807

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE...

7.5CVSS6.7AI score0.01416EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/04/26 5:4 a.m.19 views

CVE-2025-28355

Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery CSRF allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none...

4.7CVSS7.8AI score0.00191EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/04/18 12:0 a.m.6 views

PT-2025-17332 · Unknown · Volmarg Personal Management System

Name of the Vulnerable Software and Affected Versions: Volmarg Personal Management System version 1.4.65 Description: The issue allows attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none. This is related to Cross Site...

4.7CVSS7.2AI score0.00191EPSS
Exploits2References8
Cvelist
Cvelist
added 2025/04/18 12:0 a.m.13 views

CVE-2025-28355

Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery CSRF allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none...

0.00191EPSS
Exploits2References3
OSV
OSV
added 2025/04/18 12:0 a.m.7 views

CVE-2025-28355

Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery CSRF allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none...

4.7CVSS7.9AI score0.00191EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2025/04/18 12:0 a.m.7 views

CVE-2025-28355

Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery CSRF allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none...

5.6AI score0.00191EPSS
Exploits2References3
OwnCloud
OwnCloud
added 2024/09/09 12:0 a.m.26 views

Cross-site Request Forgery in diagnostics app - ownCloud

Improper handling of CSRF protection in the diagnostics app in combination with the SameSite-Cookie setting being set to None allows cross site invocation of an admin API...

3.1CVSS6.4AI score
Exploits0Affected Software2
CNVD
CNVD
added 2024/07/12 12:0 a.m.7 views

Mozilla Firefox and Thunderbird Security Bypass Vulnerability (CNVD-2024-34595)

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in Mozilla Firefox and Thunderbird, which can be exploited by attackers to bypass security restrictions caused b...

9.8CVSS6.5AI score0.00662EPSS
Exploits0References1
Hacker One
Hacker One
added 2024/01/19 8:16 a.m.81 views

Internet Bug Bounty: Argo CD CSRF leads to Kubernetes cluster compromise

Cross-Site Request Forgery CSRF in github.com/argoproj/argo-cd CVE-2024-22424 Severity: High Impact The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.16 are vulnerable to a cross-server request forgery CSRF attack when the attacker has the ability to write HTML to a page on the sa...

8.3CVSS6.7AI score0.00386EPSS
Exploits1
Prion
Prion
added 2024/01/19 1:15 a.m.19 views

Cross site request forgery (csrf)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery CSRF attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...

5.1CVSS8.2AI score0.00386EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/19 12:25 a.m.8 views

CVE-2024-22424 Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery CSRF attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...

8.3CVSS7AI score0.00386EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/01/19 12:25 a.m.46 views

CVE-2024-22424 Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery CSRF attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...

8.3CVSS8.4AI score0.00386EPSS
Exploits1References3
Prion
Prion
added 2024/01/18 12:15 a.m.13 views

Cross site request forgery (csrf)

pyLoad is a free and open-source Download Manager written in pure Python. The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery CSRF attac...

6.8CVSS7.2AI score0.00948EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.24 views

Rocky Linux 8 : firefox (RLSA-2022:8554)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8554 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined wi...

9.8CVSS7.8AI score0.01061EPSS
Exploits0References27
CNNVD
CNNVD
added 2023/10/04 12:0 a.m.4 views

IBM Security Guardium 安全漏洞

IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an information disclosur...

5.3CVSS5.9AI score0.00407EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.27 views

Amazon Linux 2 : firefox (ALASFIREFOX-2023-009)

The version of firefox installed on the remote host is prior to 102.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-009 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing informatio...

9.8CVSS7.7AI score0.01061EPSS
Exploits0References28
NVD
NVD
added 2023/07/10 5:15 p.m.18 views

CVE-2023-37277

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML...

9.6CVSS9.6AI score0.00669EPSS
Exploits0References3
Prion
Prion
added 2023/07/10 5:15 p.m.19 views

Cross site request forgery (csrf)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML...

6.8CVSS9.4AI score0.00669EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/07/06 3:15 a.m.26 views

CVE-2023-30674

Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie...

6.5CVSS6.4AI score0.00583EPSS
Exploits0References1
Rows per page
Query Builder