PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in several API endpoints that lack proper authentication checks. An attacker can access sensitive data, perform state-changing operations, and obtain internal configuration details by sending...

CVE-2025-6670 Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services

A Cross-Site Request Forgery CSRF vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within admin services, specifically in the event processor of the Carbon console. Although the SameSite=Lax cookie attribute is used as a mitigation...

PT-2025-47301

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A Cross-Site Request Forgery CSRF issue exists in multiple WSO2 products. This is due to the use of the HTTP GET method for state-changing operations within admin services, specifically...

WordPress plugin WP Go Maps 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress...

EUVD-2024-31689

Malicious code in bioql PyPI...

CVE-2024-0392

A Cross-Site Request Forgery CSRF vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user,...

CVE-2024-0392

CVE-2024-0392 describes a CSRF vulnerability in the management console of WSO2 Enterprise Integrator 6.6.0 caused by the absence of CSRF token validation. The vulnerability can enable an attacker to trigger certain state-changing operations on behalf of an authenticated user via crafted requests,...

CVE-2024-3083

A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...

CVE-2024-3083

A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...

CVE-2024-3083

CVE-2024-3083 corresponds to a CSRF vulnerability in Plug&Track Sensor Net Connect (V2). Affected component: Plug&Track Sensor Net Connect V2, version 2.24. Root cause: cross-site request forgery that can enable remote attackers to perform state-changing operations with administrative privileges ...

CVE-2024-3083

A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...

CVE-2024-3083

A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...

Potential Race Condition in Rewards Calculation

Lines of code Vulnerability details Impact If exploited, this race condition could allow an attacker to manipulate rewards in transactions involving the buy, sell, mintNFT, or burnNFT functions. The attacker may gain an advantage in claiming rewards before the rewards calculation is updated. Proo...

CVE-2022-23679

AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX...

CVE-2022-23679

AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX...

CVE-2022-23680

AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX...

PT-2022-16190 · Aruba · Arubaos-Cx Switches

Name of the Vulnerable Software and Affected Versions: ArubaOS-CX Switches versions 10.06.0200 and below ArubaOS-CX Switches versions 10.08.1060 and below ArubaOS-CX Switches versions 10.09.1020 and below ArubaOS-CX Switches versions 10.10.0002 and below Description: The issue is related to the...

CVE-2022-22552

Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations...

CVE-2022-22552

Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations...