Lucene search
K

137 matches found

OSV
OSV
added 2024/07/31 2:15 p.m.6 views

CVE-2024-3083

A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...

8.3CVSS5.8AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/31 1:15 p.m.47 views

CVE-2024-3083

A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...

8.3CVSS0.00227EPSS
Exploits0References1
CVE
CVE
added 2024/07/31 1:15 p.m.52 views

CVE-2024-3083

CVE-2024-3083 corresponds to a CSRF vulnerability in Plug&Track Sensor Net Connect (V2). Affected component: Plug&Track Sensor Net Connect V2, version 2.24. Root cause: cross-site request forgery that can enable remote attackers to perform state-changing operations with administrative privileges ...

8.3CVSS7.2AI score0.00227EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/31 1:15 p.m.15 views

CVE-2024-3083

A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...

8.3CVSS7AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/11 12:0 a.m.5 views

PT-2024-24418 · Leadinfo · Leadinfo

Name of the Vulnerable Software and Affected Versions: Leadinfo versions 1.0 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software. This issue allows an attacker to perform unintended actions on a user's account. The estimated number of potentially affected devices...

4.3CVSS6.7AI score0.00188EPSS
Exploits0References2
Prion
Prion
added 2023/12/20 12:15 a.m.15 views

Cross site request forgery (csrf)

A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application...

6.8CVSS7.1AI score0.00254EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.4 views

PT-2023-32740 · Efacec · Bcu 500 +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF...

8.8CVSS8.5AI score0.00254EPSS
Exploits0References5
CVE
CVE
added 2023/11/20 12:0 a.m.53 views

CVE-2023-38885

OpenSIS Classic Community Edition version 9.0 is described as lacking cross-site request forgery (CSRF) protection throughout the entire application. The vulnerability could allow an attacker to trick an authenticated user into performing any kind of state-changing request. The connected sources ...

8.8CVSS8.6AI score0.00365EPSS
Exploits0References3Affected Software1
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.11 views

Potential Race Condition in Rewards Calculation

Lines of code Vulnerability details Impact If exploited, this race condition could allow an attacker to manipulate rewards in transactions involving the buy, sell, mintNFT, or burnNFT functions. The attacker may gain an advantage in claiming rewards before the rewards calculation is updated. Proo...

7.4AI score
Exploits0
OSV
OSV
added 2023/10/25 6:17 p.m.4 views

CVE-2023-43508

Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to...

6.5CVSS5.8AI score0.00377EPSS
Exploits0References1
Prion
Prion
added 2023/10/25 6:17 p.m.29 views

Authorization

Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to...

4CVSS6.6AI score0.00377EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/24 6:11 p.m.53 views

CVE-2023-43508

Technical details (affected product versions, root cause, and fixes) are not publicly disclosed in the provided documents; monitor for updates from Aruba and related advisories.

6.5CVSS6.6AI score0.00377EPSS
Exploits0References1Affected Software1
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.8 views

[M-16] Reentrancy in the BaseBranchRouter contract

Lines of code Vulnerability details Impact In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...

7AI score
Exploits0
NVD
NVD
added 2023/07/24 2:15 p.m.18 views

CVE-2022-30280

/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application even if it implements a CSRF token for the random GET request does not ever verify a CSRF token. With a litt...

8.8CVSS8.7AI score0.00381EPSS
Exploits1References2
Prion
Prion
added 2023/07/24 2:15 p.m.22 views

Cross site request forgery (csrf)

/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application even if it implements a CSRF token for the random GET request does not ever verify a CSRF token. With a litt...

6.8CVSS8.7AI score0.00381EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/07/24 12:0 a.m.26 views

CVE-2022-30280

/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application even if it implements a CSRF token for the random GET request does not ever verify a CSRF token. With a litt...

8.9AI score0.00381EPSS
Exploits1References2
CVE
CVE
added 2023/07/24 12:0 a.m.61 views

CVE-2022-30280

Nokia NetAct 22 exposes a CSRF vulnerability at /SecurityManagement/html/createuser.jsf that lets remote attackers create users with arbitrary, including administrative, privileges. The app does not verify CSRF tokens, enabling exploitation via social engineering; impact ranges from unauthorized ...

8.8CVSS8.6AI score0.00381EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2023/03/22 6:15 a.m.14 views

CVE-2023-25594

A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to...

8.8CVSS6.8AI score0.00459EPSS
Exploits0References1
Prion
Prion
added 2023/03/22 6:15 a.m.23 views

Design/Logic Flaw

A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to complete...

6.5CVSS8.4AI score0.00459EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/10 12:0 a.m.6 views

PT-2023-13408 · Dell · Powerpath Management Appliance

Name of the Vulnerable Software and Affected Versions: PowerPath Management Appliance versions 3.0 through 3.3 Description: The issue allows an unauthenticated non-privileged user to potentially exploit the Cross-site Request Forgery vulnerability and perform any privileged state-changing actions...

8.8CVSS8.7AI score0.00314EPSS
Exploits0References4
Rows per page
Query Builder