
65 matches found

RedhatCVE
added 2026/06/05 7:42 p.m. · 6 views

CVE-2016-20054

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...

5.3 CVSS · 5.3 AI score · 0.00106 EPSS
Exploits 1 · References 1
Vulnrichment
added 2026/04/08 6:43 a.m. · 0 views

CVE-2026-4141 Quran Translations <= 1.7 - Cross-Site Request Forgery to Playlist Settings Form

The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation in the quranplaylistoptions function that handles the plugin's settings page. The function processes POST requests to update...

4.3 CVSS · 5.8 AI score · 0.0016 EPSS
Exploits 0 · References 5
Positive Technologies
added 2026/03/21 12:0 a.m. · 8 views

PT-2026-26843

The Post Snippits plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page handlers for saving, adding, and deleting snippets. This makes it possible for unauthenticated attackers to...

6.1 CVSS · 5.7 AI score · 0.0012 EPSS
Exploits 0 · References 8
GithubExploit
added 2026/01/23 8:51 p.m. · 210 views

Exploit for CVE-2026-1208

CVE-2026-1208: Cross-Site Request Forgery in Friendly Function...

5.5 AI score · 0.0016 EPSS
Exploits 1
RedhatCVE
added 2025/12/15 1:25 p.m. · 3 views

CVE-2025-36754

The authentication mechanism on web interface is not properly implemented. It is possible to bypass authentication checks by crafting a post request with new settings since there is no session token or authentication in place. This would allow an attacker for instance to point the device to an...

9.3 CVSS · 7.1 AI score · 0.00146 EPSS
Exploits 0 · References 1
CVE
added 2025/11/06 12:0 a.m. · 15 views

CVE-2025-27919

CVE-2025-27919 affects AnyDesk up to version 9.0.4. A remote user with the 'Control my device' permission can modify remote AnyDesk settings and create a password for the Full Access profile without counterparty confirmation, enabling later connections without confirmation. Impact per sources: co...

8.2 CVSS · 6.7 AI score · 0.00258 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2025/11/03 4:15 a.m. · 4 views

CVE-2025-12616

A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexi...

5.9 CVSS · 5.2 AI score
Exploits 0 · References 5
Vulnrichment
added 2025/10/25 6:49 a.m. · 2 views

CVE-2025-11497 Advanced Database Cleaner <= 3.1.6 - Cross-Site Request Forgery to Settings Manipulation

The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.6. This is due to missing or incorrect nonce validation on the aDBcprepareelementstoclean function. This makes it possible for unauthenticated attackers to alte...

4.3 CVSS · 5.7 AI score · 0.00208 EPSS
Exploits 0 · References 2
Cvelist
added 2025/10/15 8:25 a.m. · 6 views

CVE-2025-10303 Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation

The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7librarymanagementajaxhandler function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...

4.3 CVSS · 0.00214 EPSS
Exploits 0 · References 3
CVE
added 2025/10/15 8:25 a.m. · 12 views

CVE-2025-10303

CVE-2025-10303 affects the WordPress Library Management System plugin. The root cause is a missing capability check in owt7_library_management_ajax_handler(), affecting all versions up to 3.1, enabling authenticated users with Subscriber-level access and above to modify various plugin settings. W...

4.3 CVSS · 4.8 AI score · 0.00214 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-11826

Malware in sbrugna...

8 CVSS · 7.7 AI score · 0.00519 EPSS
Exploits 2 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-9270

Malware in sbrugna...

6.5 CVSS · 6.6 AI score · 0.00435 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2023-51424

Malicious code in bioql PyPI...

9.8 CVSS · 6.5 AI score · 0.00451 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-59100

Malicious code in bioql PyPI...

9.8 CVSS · 5.3 AI score · 0.01029 EPSS
Exploits 1 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-49467

Malicious code in bioql PyPI...

4.7 CVSS · 5 AI score · 0.00134 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-41879

Malicious code in bioql PyPI...

9.9 CVSS · 6.6 AI score · 0.004 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-43153

Malicious code in bioql PyPI...

10 CVSS · 6.6 AI score · 0.00676 EPSS
Exploits 0 · References 1
NVD
added 2025/06/23 3:15 p.m. · 5 views

CVE-2023-47297

A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations...

9.8 CVSS · 0.00451 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/06/23 12:0 a.m. · 4 views

PT-2025-26608 · Ncr · Ncr Terminal Handler

Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1 Description: A settings manipulation issue allows attackers to execute arbitrary commands, including editing system security auditing configurations. Recommendations: For NCR Terminal Handler version 1.5.1,...

9.8 CVSS · 7.3 AI score · 0.00451 EPSS
Exploits 1 · References 6
Cvelist
added 2025/06/23 12:0 a.m. · 9 views

CVE-2023-47297

A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations...

0.00451 EPSS
Exploits 1 · References 2