59 matches found
EUVD-2023-1982
Malicious code in bioql PyPI...
EUVD-2023-35038
Malicious code in bioql PyPI...
EUVD-2024-0307
Malicious code in bioql PyPI...
EUVD-2025-11905
Malicious code in bioql PyPI...
EUVD-2022-48282
Malicious code in bioql PyPI...
CVE-2022-45413
Using the S.browserfallbackurl parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox 107...
CVE-2025-28355
Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute default value set to none...
Internet Bug Bounty: Argo CD CSRF leads to Kubernetes cluster compromise
Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd CVE-2024-22424 Severity: High Impact The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.16 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the sa...
Cross site request forgery (csrf)
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...
CVE-2024-22424 Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...
Cross site request forgery (csrf)
pyLoad is a free and open-source Download Manager written in pure Python. The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attac...
Amazon Linux 2 : firefox (ALASFIREFOX-2023-009)
The version of firefox installed on the remote host is prior to 102.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-009 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing informatio...
CVE-2023-37277
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML...
CVE-2023-30674
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie...
Input validation
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie...
CVE-2023-30674
Samsung Internet