51 matches found
CVE-2026-34403
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens...
CVE-2025-10317
Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious product with content defined by the attacker. This software does not...
EUVD-2023-0689
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-2446
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves...
Linux Distros Unpatched Vulnerability : CVE-2017-2447
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves...
Linux Distros Unpatched Vulnerability : CVE-2016-4624
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service memo...
Linux Distros Unpatched Vulnerability : CVE-2017-2362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue...
Linux Distros Unpatched Vulnerability : CVE-2018-4114
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes...
Linux Distros Unpatched Vulnerability : CVE-2017-7052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected...
CVE-2021-24714
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfilteredhtml capability is disallowed...
Kashipara E-learning Management System 安全漏洞
Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0 that stems from vulnerability to a stored cross-site scripting attack, which allows remote attackers to execute arbitrar...
PHP 8.3.x < 8.3.6 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.3.6. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.6 advisory. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard...
SUSE CVE-2024-1727
A Cross-Site Request Forgery CSRF vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete...
CVE-2021-4399
The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,2.0.6. This is due to missing or incorrect nonce validation on the userdatasynchronizationinitiater, coursesynchronizationinitiater, userslinktomoodlesynchronization,...
curl: Incorrect handling of control code characters in cookies
A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes byte values below 32, and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...
CVE-2023-29020
CVE-2023-29020 describes a CSRF token fixation flaw in the interaction between @fastify/passport and @fastify/csrf-protection. The issue arises because @fastify/passport does not clear the user session on login, allowing the _csrf token generated before authentication to remain valid across unaut...
quarkus-vertx-http: a cross-site attack may be initiated which might lead to the Information Disclosure
A flaw was found in Quarkus. If the Quarkus Form Authentication session cookie Path attribute is set to /, then a cross-site attack may be initiated, which might lead to information disclosure...
CVE-2023-0044
If the Quarkus Form Authentication session cookie Path attribute is set to / then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature...
Design/Logic Flaw
If the Quarkus Form Authentication session cookie Path attribute is set to / then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature...
CVE-2023-0044
If the Quarkus Form Authentication session cookie Path attribute is set to / then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature...