Lucene search
+L

130 matches found

Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.12 views

Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

6.9CVSS6.7AI score0.00234EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/03/20 12:32 p.m.7 views

GHSA-P5VX-9HJ8-CF4H Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

6.9CVSS7AI score0.00234EPSS
Exploits1References3
NVD
NVD
added 2025/03/20 10:15 a.m.9 views

CVE-2024-7035

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

6.9CVSS0.00234EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.19 views

CVE-2024-7035 Cross-Site Request Forgery (CSRF) in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

6.9CVSS0.00234EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.7 views

CVE-2024-7035 Cross-Site Request Forgery (CSRF) in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

6.9CVSS6.8AI score0.00234EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.83 views

CVE-2024-7035

The CVE-2024-7035 issue affects open-webui/open-webui (v0.3.8). The underlying problem is CSRF because sensitive actions (delete/reset) are invoked via GET requests. Affected endpoints include /rag/api/v1/reset, /rag/api/v1/reset/db, /api/v1/memories/reset, and /rag/api/v1/reset/uploads, impactin...

6.9CVSS6.8AI score0.00234EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/20 10:10 a.m.6 views

CVE-2024-7035 Cross-Site Request Forgery (CSRF) in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

6.9CVSS6.8AI score0.00234EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/02/13 12:0 a.m.8 views

PT-2025-7190 · Unknown · Shambhu Patnaik Rss Filter

Name of the Vulnerable Software and Affected Versions: Shambhu Patnaik RSS Filter versions n/a through 1.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

7.1CVSS9.1AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.5 views

PT-2024-36274 · Unknown · Phuc Pham Multiple Admin Emails

Name of the Vulnerable Software and Affected Versions: Phuc Pham Multiple Admin Emails versions n/a through 1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF problem, which allows for Cross Site Request Forgery. This affects the multiple admin emails functionality...

7.1CVSS7AI score0.00194EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/20 12:0 a.m.10 views

PT-2024-33431 · Unknown · Cooked Pro

Name of the Vulnerable Software and Affected Versions: Cooked Pro versions prior to 1.8.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Cross Site Request Forgery. This problem involves CSRF attacks. Recommendations: For versions prior to 1.8.0, update to...

8.8CVSS7.2AI score0.00204EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/08/26 12:0 a.m.6 views

Kashipara Music Management System 安全漏洞

Kashipara Music Management System is a music management system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Music Management System v1.0, which can be exploited by an attacker to spoof a malicious request and trick a victim into clicking on it to perform a...

3.5CVSS6.7AI score0.00188EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.7 views

Kashipara Hotel Management System 安全漏洞

Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Hotel Management System v1.0, which can be exploited by an attacker to forge a malicious request and trick a victim into clicking on it to perform a...

6.8CVSS6.8AI score0.00173EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.5 views

Kliqqi CMS 安全漏洞

Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of the cross-site request forgery vulnerability , the vulnerability stems from /admin/adminbackup.php?dobackup=avatars do not adequately verify that the request is from a trusted user , an attacker...

8.8CVSS6.8AI score0.00208EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.6 views

Warehouse Inventory System 安全漏洞

Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the editproduct.php component not adequately verifying that a request comes from a trust...

8CVSS6.8AI score0.00282EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/06/04 12:24 p.m.2 views

SUSE CVE-2024-4215

pgAdmin = 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account's username and password may authenticate to the application and perform sensitive actions within the application, such as managing files an...

8.5CVSS7.8AI score0.00629EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/02 5:42 p.m.26 views

CVE-2024-4215 The Multi Factor Authentication bypass vulnerability in pgAdmin 4

pgAdmin = 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files an...

7.4CVSS7.5AI score0.00629EPSS
Exploits0References2
OSV
OSV
added 2024/05/02 5:42 p.m.4 views

CVE-2024-4215 The Multi Factor Authentication bypass vulnerability in pgAdmin 4

pgAdmin = 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files an...

7.4CVSS7.1AI score0.00629EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.5 views

PT-2024-9759

Name of the Vulnerable Software and Affected Versions pgAdmin versions = 8.5 Description The issue exists due to the incorrect implementation of multi-factor authentication in the pgAdmin database management tool. This allows a remote attacker to gain unauthorized access to the application and...

8.8CVSS6.9AI score0.08826EPSS
Exploits0References27
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.6 views

PT-2024-12695 · Unknown · Com.Evenwell.Fqc

Name of the Vulnerable Software and Affected Versions: com.evenwell.fqc version 9.0208.01 com.evenwell.fqc version 9.0209.13 com.evenwell.fqc version 9.0212.03 Description: The vulnerability in the com.evenwell.fqc app allows local third-party apps to execute arbitrary shell commands in its conte...

7.8CVSS7.2AI score0.00192EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.7 views

WordPress Plugin LifterLMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.7AI score0.00322EPSS
Exploits0References2
Rows per page
Query Builder